Some few words:

  • PHP 5.5+ mandatory as a more secure system has been implemented for passwords stored in the database, system which needs at least this version of PHP
  • Informations displayed on dashboard, as Dotclear updates or news, are now fetch from Dotclear server in asynchronous way, so no more dashboard blocked by a ghost server!
  • A new driver for MySQL databases encoded with UTF8-mb4
  • Some bugs fixed
  • Some refinements in administrative UX


Note for users and administrator:

The new encryption system for password does not require any migration procedure. This will be done only once at the very next user authentication.

Notes for developers:

The new password system implies two backward incompatibilities:

  1. The function checkPassword() (/inc/core/class.dc.auth.php) requires now a non encrypted password (usually form field contents) rather than an encrypted form.
    So you now have to use $core->auth->checkPassword($_POST['your_pwd']) rather than $core->auth->checkPassword($core->auth->crypt($_POST['your_pwd'])).

  2. The function crypt() (/inc/core/class.dc.auth.php) no more give the same results with the same parameter. If you need an "old fashion" encrypted password, you have to use cryptLegacy() function (same file).

If you need a unique UID/key, use http::browserUID(DC_MASTER_KEY.$core->auth->userID().$core->auth->cryptLegacy($core->auth->userID())) (may be refined in future).