2018 Jan 13
Some few words:
- PHP 5.5+ mandatory as a more secure system has been implemented for passwords stored in the database, system which needs at least this version of PHP
- Informations displayed on dashboard, as Dotclear updates or news, are now fetch from Dotclear server in asynchronous way, so no more dashboard blocked by a ghost server!
- A new driver for MySQL databases encoded with UTF8-mb4
- Some bugs fixed
- Some refinements in administrative UX
Enjoy!
Note for users and administrator:
The new encryption system for password does not require any migration procedure. This will be done only once at the very next user authentication.
Notes for developers:
The new password system implies two backward incompatibilities:
- The function checkPassword() (/inc/core/class.dc.auth.php) requires now a non encrypted password (usually form field contents) rather than an encrypted form.
So you now have to use$core->auth->checkPassword($_POST['your_pwd'])rather than$core->auth->checkPassword($core->auth->crypt($_POST['your_pwd'])). - The function crypt() (/inc/core/class.dc.auth.php) no more give the same results with the same parameter. If you need an "old fashion" encrypted password, you have to use cryptLegacy() function (same file).
If you need a unique UID/key, use http::browserUID(DC_MASTER_KEY.$core->auth->userID().$core->auth->cryptLegacy($core->auth->userID())) (may be refined in future).