Remove password compat

2020-02-19 19:26:19 +01:00 · 2020-02-19 19:26:19 +01:00 · 9639201702
commit 9639201702
parent ab261741a4
15 changed files with 4 additions and 354 deletions
--- a/README.md
+++ b/README.md
@ -6,8 +6,8 @@ Together with a dedicated [μlogger mobile client](https://github.com/bfabiszews
 ## Live demo:
 - http://ulogger-demo.herokuapp.com (test track upload with Android app and editing, login: demo, password: demo)
-## Requirements:
+## Minimum requirements:
- PHP 5.5 (5.4 with [password_compat](https://github.com/bfabiszewski/ulogger-server/blob/04b2b771398d8511bfa6fe8a85d58162bd32fc46/helpers/user.php#L24))
+- PHP 5.5
 - PHP extensions: ctype, json, pdo (with respective drivers), session, simplexml, xmlwriter, xdebug (only for tests)
 - MySQL, PostgreSQL or SQLite (over PDO driver)
 - browser with javascript enabled, cookies for authentication and saving preferences
--- a/helpers/password.php
+++ b/helpers/password.php
@ -1,317 +0,0 @@
 <?php
 /**
 * A Compatibility library with PHP 5.5's simplified password hashing API.
 *
 * @author Anthony Ferrara <ircmaxell@php.net>
 * @license http://www.opensource.org/licenses/mit-license.html MIT License
 * @copyright 2012 The Authors
 */
 namespace {
    if (!defined('PASSWORD_BCRYPT')) {
        /**
         * PHPUnit Process isolation caches constants, but not function declarations.
         * So we need to check if the constants are defined separately from
         * the functions to enable supporting process isolation in userland
         * code.
         */
        define('PASSWORD_BCRYPT', 1);
        define('PASSWORD_DEFAULT', PASSWORD_BCRYPT);
        define('PASSWORD_BCRYPT_DEFAULT_COST', 10);
    }
    if (!function_exists('password_hash')) {
        /**
         * Hash the password using the specified algorithm
         *
         * @param string $password The password to hash
         * @param int    $algo     The algorithm to use (Defined by PASSWORD_* constants)
         * @param array  $options  The options for the algorithm to use
         *
         * @return string|false The hashed password, or false on error.
         */
        function password_hash($password, $algo, array $options = array()) {
            if (!function_exists('crypt')) {
                trigger_error("Crypt must be loaded for password_hash to function", E_USER_WARNING);
                return null;
            }
            if (is_null($password) || is_int($password)) {
                $password = (string) $password;
            }
            if (!is_string($password)) {
                trigger_error("password_hash(): Password must be a string", E_USER_WARNING);
                return null;
            }
            if (!is_int($algo)) {
                trigger_error("password_hash() expects parameter 2 to be long, " . gettype($algo) . " given", E_USER_WARNING);
                return null;
            }
            $resultLength = 0;
            switch ($algo) {
                case PASSWORD_BCRYPT:
                    $cost = PASSWORD_BCRYPT_DEFAULT_COST;
                    if (isset($options['cost'])) {
                        $cost = (int) $options['cost'];
                        if ($cost < 4 || $cost > 31) {
                            trigger_error(sprintf("password_hash(): Invalid bcrypt cost parameter specified: %d", $cost), E_USER_WARNING);
                            return null;
                        }
                    }
                    // The length of salt to generate
                    $raw_salt_len = 16;
                    // The length required in the final serialization
                    $required_salt_len = 22;
                    $hash_format = sprintf("$2y$%02d$", $cost);
                    // The expected length of the final crypt() output
                    $resultLength = 60;
                    break;
                default:
                    trigger_error(sprintf("password_hash(): Unknown password hashing algorithm: %s", $algo), E_USER_WARNING);
                    return null;
            }
            $salt_req_encoding = false;
            if (isset($options['salt'])) {
                switch (gettype($options['salt'])) {
                    case 'NULL':
                    case 'boolean':
                    case 'integer':
                    case 'double':
                    case 'string':
                        $salt = (string) $options['salt'];
                        break;
                    case 'object':
                        if (method_exists($options['salt'], '__tostring')) {
                            $salt = (string) $options['salt'];
                            break;
                        }
                    case 'array':
                    case 'resource':
                    default:
                        trigger_error('password_hash(): Non-string salt parameter supplied', E_USER_WARNING);
                        return null;
                }
                if (PasswordCompat\binary\_strlen($salt) < $required_salt_len) {
                    trigger_error(sprintf("password_hash(): Provided salt is too short: %d expecting %d", PasswordCompat\binary\_strlen($salt), $required_salt_len), E_USER_WARNING);
                    return null;
                } elseif (0 == preg_match('#^[a-zA-Z0-9./]+$#D', $salt)) {
                    $salt_req_encoding = true;
                }
            } else {
                $buffer = '';
                $buffer_valid = false;
                if (function_exists('mcrypt_create_iv') && !defined('PHALANGER')) {
                    $buffer = mcrypt_create_iv($raw_salt_len, MCRYPT_DEV_URANDOM);
                    if ($buffer) {
                        $buffer_valid = true;
                    }
                }
                if (!$buffer_valid && function_exists('openssl_random_pseudo_bytes')) {
                    $strong = false;
                    $buffer = openssl_random_pseudo_bytes($raw_salt_len, $strong);
                    if ($buffer && $strong) {
                        $buffer_valid = true;
                    }
                }
                if (!$buffer_valid && @is_readable('/dev/urandom')) {
                    $file = fopen('/dev/urandom', 'r');
                    $read = 0;
                    $local_buffer = '';
                    while ($read < $raw_salt_len) {
                        $local_buffer .= fread($file, $raw_salt_len - $read);
                        $read = PasswordCompat\binary\_strlen($local_buffer);
                    }
                    fclose($file);
                    if ($read >= $raw_salt_len) {
                        $buffer_valid = true;
                    }
                    $buffer = str_pad($buffer, $raw_salt_len, "\0") ^ str_pad($local_buffer, $raw_salt_len, "\0");
                }
                if (!$buffer_valid || PasswordCompat\binary\_strlen($buffer) < $raw_salt_len) {
                    $buffer_length = PasswordCompat\binary\_strlen($buffer);
                    for ($i = 0; $i < $raw_salt_len; $i++) {
                        if ($i < $buffer_length) {
                            $buffer[$i] = $buffer[$i] ^ chr(mt_rand(0, 255));
                        } else {
                            $buffer .= chr(mt_rand(0, 255));
                        }
                    }
                }
                $salt = $buffer;
                $salt_req_encoding = true;
            }
            if ($salt_req_encoding) {
                // encode string with the Base64 variant used by crypt
                $base64_digits =
                    'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
                $bcrypt64_digits =
                    './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
                $base64_string = base64_encode($salt);
                $salt = strtr(rtrim($base64_string, '='), $base64_digits, $bcrypt64_digits);
            }
            $salt = PasswordCompat\binary\_substr($salt, 0, $required_salt_len);
            $hash = $hash_format . $salt;
            $ret = crypt($password, $hash);
            if (!is_string($ret) || PasswordCompat\binary\_strlen($ret) != $resultLength) {
                return false;
            }
            return $ret;
        }
        /**
         * Get information about the password hash. Returns an array of the information
         * that was used to generate the password hash.
         *
         * array(
         *    'algo' => 1,
         *    'algoName' => 'bcrypt',
         *    'options' => array(
         *        'cost' => PASSWORD_BCRYPT_DEFAULT_COST,
         *    ),
         * )
         *
         * @param string $hash The password hash to extract info from
         *
         * @return array The array of information about the hash.
         */
        function password_get_info($hash) {
            $return = array(
                'algo' => 0,
                'algoName' => 'unknown',
                'options' => array(),
            );
            if (PasswordCompat\binary\_substr($hash, 0, 4) == '$2y$' && PasswordCompat\binary\_strlen($hash) == 60) {
                $return['algo'] = PASSWORD_BCRYPT;
                $return['algoName'] = 'bcrypt';
                list($cost) = sscanf($hash, "$2y$%d$");
                $return['options']['cost'] = $cost;
            }
            return $return;
        }
        /**
         * Determine if the password hash needs to be rehashed according to the options provided
         *
         * If the answer is true, after validating the password using password_verify, rehash it.
         *
         * @param string $hash    The hash to test
         * @param int    $algo    The algorithm used for new password hashes
         * @param array  $options The options array passed to password_hash
         *
         * @return boolean True if the password needs to be rehashed.
         */
        function password_needs_rehash($hash, $algo, array $options = array()) {
            $info = password_get_info($hash);
            if ($info['algo'] !== (int) $algo) {
                return true;
            }
            switch ($algo) {
                case PASSWORD_BCRYPT:
                    $cost = isset($options['cost']) ? (int) $options['cost'] : PASSWORD_BCRYPT_DEFAULT_COST;
                    if ($cost !== $info['options']['cost']) {
                        return true;
                    }
                    break;
            }
            return false;
        }
        /**
         * Verify a password against a hash using a timing attack resistant approach
         *
         * @param string $password The password to verify
         * @param string $hash     The hash to verify against
         *
         * @return boolean If the password matches the hash
         */
        function password_verify($password, $hash) {
            if (!function_exists('crypt')) {
                trigger_error("Crypt must be loaded for password_verify to function", E_USER_WARNING);
                return false;
            }
            $ret = crypt($password, $hash);
            if (!is_string($ret) || PasswordCompat\binary\_strlen($ret) != PasswordCompat\binary\_strlen($hash) || PasswordCompat\binary\_strlen($ret) <= 13) {
                return false;
            }
            $status = 0;
            for ($i = 0; $i < PasswordCompat\binary\_strlen($ret); $i++) {
                $status |= (ord($ret[$i]) ^ ord($hash[$i]));
            }
            return $status === 0;
        }
    }
 }
 namespace PasswordCompat\binary {
    if (!function_exists('PasswordCompat\\binary\\_strlen')) {
        /**
         * Count the number of bytes in a string
         *
         * We cannot simply use strlen() for this, because it might be overwritten by the mbstring extension.
         * In this case, strlen() will count the number of *characters* based on the internal encoding. A
         * sequence of bytes might be regarded as a single multibyte character.
         *
         * @param string $binary_string The input string
         *
         * @internal
         * @return int The number of bytes
         */
        function _strlen($binary_string) {
            if (function_exists('mb_strlen')) {
                return mb_strlen($binary_string, '8bit');
            }
            return strlen($binary_string);
        }
        /**
         * Get a substring based on byte limits
         *
         * @see _strlen()
         *
         * @param string $binary_string The input string
         * @param int    $start
         * @param int    $length
         *
         * @internal
         * @return string The substring
         */
        function _substr($binary_string, $start, $length) {
            if (function_exists('mb_substr')) {
                return mb_substr($binary_string, $start, $length, '8bit');
            }
            return substr($binary_string, $start, $length);
        }
        /**
         * Check if current PHP version is compatible with the library
         *
         * @return boolean the check result
         */
        function check() {
            static $pass = NULL;
            if (is_null($pass)) {
                if (function_exists('crypt')) {
                    $hash = '$2y$04$usesomesillystringfore7hnbRJHxXVLeakoG8K30oukPsA.ztMG';
                    $test = crypt("password", $hash);
                    $pass = $test == $hash;
                } else {
                    $pass = false;
                }
            }
            return $pass;
        }
    }
 }
--- a/helpers/user.php
+++ b/helpers/user.php
@ -21,9 +21,6 @@
  require_once(ROOT_DIR . "/helpers/track.php");
  require_once(ROOT_DIR . "/helpers/position.php");
  // for PHP 5.4 uncomment following line to include password_compat library
  //require_once(ROOT_DIR . "/helpers/password.php");
 /**
  * User handling routines
  */
--- a/lang/cs.php
+++ b/lang/cs.php
@ -34,8 +34,6 @@ $langSetup["setupfailed"] = "Bohužel se něco pokazilo. Můžete se pokusit naj
 $langSetup["welcome"] = "Vítejte v µloggeru. ";
 $langSetup["disabledwarn"] = "Z bezpečnostních důvodů je tento skript ve výchozím nastavení zakázán. Pro jeho aktivaci musíte upravit soubor  'scripts/setup.php'  v textovém editoru a nastavit %s proměnnou na začátku souboru na %s."; // substitutes variable name and value
 $langSetup["lineshouldread"] = "Řádek: %s by měl číst: %s";
 $langSetup["passfuncwarn"] = "Vaše verze PHP nepodporuje funkce hesla, které jsou dodávány s PHP 5.5. Musíte zahrnout knihovnu password_compat.";
 $langSetup["passfunchack"] = "Upravte soubor 'helpers/user.php' a řádek s příkazy včetně 'helpers/password.php'.";
 $langSetup["dorestart"] = "Po dokončení skriptu restartujte tento skript.";
 $langSetup["createconfig"] = "Vytvořte soubor 'config.php' v kořenové složce. Můžete začít zkopírováním z 'config.default.php'. Ujistěte se, že jste nastavili konfigurační hodnoty tak, aby odpovídaly vašim potřebám a nastavení vaší databáze.";
 $langSetup["nodbsettings"] = "Musíte zadat své údaje databáze v souboru 'config.php' (%s)."; // substitutes variable names
--- a/lang/de.php
+++ b/lang/de.php
@ -34,8 +34,6 @@ $langSetup["setupfailed"] = "Das hat leider nicht funktioniert. Du findest mögl
 $langSetup["welcome"] = "Willkommen bei µlogger!";
 $langSetup["disabledwarn"] = "Aus Sicherheitsgründen ist das Skript standardmäßig deaktiviert. Zum Aktivieren editiere die Datei 'scripts/setup.php' und setze die Variable %s am Anfang der Datei auf den Wert %s."; // substitutes variable name and value
 $langSetup["lineshouldread"] = "Zeile %s sollte den Wert %s enthalten.";
 $langSetup["passfuncwarn"] = "Your PHP version does not support password functions that ship with PHP 5.5. You have to include password_compat library.";
 $langSetup["passfunchack"] = "Please edit 'helpers/user.php' file and uncomment line including 'helpers/password.php'.";
 $langSetup["dorestart"] = "Rufe das Skript erneut auf wenn das erledigt ist.";
 $langSetup["createconfig"] = "Bitte erstellt die Datei 'config.php' im Stammverzeichnis. Du kannst die Datei 'config.default.php' umbenennen oder kopieren. Stelle sicher, dass in der Datei die korrekten Einstellungen hinterlegt sind.";
 $langSetup["nodbsettings"] = "Die Verbindungsdaten zur Datenbank müssen in der Datei 'config.php' hinterlegt werden. (%s)"; // substitutes variable names
--- a/lang/en.php
+++ b/lang/en.php
@ -34,8 +34,6 @@ $langSetup["setupfailed"] = "Unfortunately something has gone wrong. You may try
 $langSetup["welcome"] = "Welcome to µlogger!";
 $langSetup["disabledwarn"] = "For security reasons this script is disabled by default. To enable it you must edit 'scripts/setup.php' file in text editor and set %s variable at the beginning of the file to %s."; // substitutes variable name and value
 $langSetup["lineshouldread"] = "Line: %s should read: %s";
 $langSetup["passfuncwarn"] = "Your PHP version does not support password functions that ship with PHP 5.5. You have to include password_compat library.";
 $langSetup["passfunchack"] = "Please edit 'helpers/user.php' file and uncomment line including 'helpers/password.php'.";
 $langSetup["dorestart"] = "Please restart this script when you are done.";
 $langSetup["createconfig"] = "Please create 'config.php' file in root folder. You may start by copying it from 'config.default.php'. Make sure that you adjust config values to match your needs and your database setup.";
 $langSetup["nodbsettings"] = "You must provide your database credentials in 'config.php' file (%s)."; // substitutes variable names
--- a/lang/es.php
+++ b/lang/es.php
@ -34,8 +34,6 @@ $langSetup["setupfailed"] = "Unfortunately something has gone wrong. You may try
 $langSetup["welcome"] = "Welcome to µlogger!";
 $langSetup["disabledwarn"] = "For security reasons this script is disabled by default. To enable it you must edit 'scripts/setup.php' file in text editor and set %s variable at the beginning of the file to %s."; // substitutes variable name and value
 $langSetup["lineshouldread"] = "Line: %s should read: %s";
 $langSetup["passfuncwarn"] = "Your PHP version does not support password functions that ship with PHP 5.5. You have to include password_compat library.";
 $langSetup["passfunchack"] = "Please edit 'helpers/user.php' file and uncomment line including 'helpers/password.php'.";
 $langSetup["dorestart"] = "Please restart this script when you are done.";
 $langSetup["createconfig"] = "Please create 'config.php' file in root folder. You may start by copying it from 'config.default.php'. Make sure that you adjust config values to match your needs and your database setup.";
 $langSetup["nodbsettings"] = "You must provide your database credentials in 'config.php' file (%s)."; // substitutes variable names
--- a/lang/fr.php
+++ b/lang/fr.php
@ -34,8 +34,6 @@ $langSetup["setupfailed"] = "Unfortunately something has gone wrong. You may try
 $langSetup["welcome"] = "Welcome to µlogger!";
 $langSetup["disabledwarn"] = "For security reasons this script is disabled by default. To enable it you must edit 'scripts/setup.php' file in text editor and set %s variable at the beginning of the file to %s."; // substitutes variable name and value
 $langSetup["lineshouldread"] = "Line: %s should read: %s";
 $langSetup["passfuncwarn"] = "Your PHP version does not support password functions that ship with PHP 5.5. You have to include password_compat library.";
 $langSetup["passfunchack"] = "Please edit 'helpers/user.php' file and uncomment line including 'helpers/password.php'.";
 $langSetup["dorestart"] = "Please restart this script when you are done.";
 $langSetup["createconfig"] = "Please create 'config.php' file in root folder. You may start by copying it from 'config.default.php'. Make sure that you adjust config values to match your needs and your database setup.";
 $langSetup["nodbsettings"] = "You must provide your database credentials in 'config.php' file (%s)."; // substitutes variable names
--- a/lang/hu.php
+++ b/lang/hu.php
@ -34,8 +34,6 @@ $langSetup["setupfailed"] = "Unfortunately something has gone wrong. You may try
 $langSetup["welcome"] = "Welcome to µlogger!";
 $langSetup["disabledwarn"] = "For security reasons this script is disabled by default. To enable it you must edit 'scripts/setup.php' file in text editor and set %s variable at the beginning of the file to %s."; // substitutes variable name and value
 $langSetup["lineshouldread"] = "Line: %s should read: %s";
 $langSetup["passfuncwarn"] = "Your PHP version does not support password functions that ship with PHP 5.5. You have to include password_compat library.";
 $langSetup["passfunchack"] = "Please edit 'helpers/user.php' file and uncomment line including 'helpers/password.php'.";
 $langSetup["dorestart"] = "Please restart this script when you are done.";
 $langSetup["createconfig"] = "Please create 'config.php' file in root folder. You may start by copying it from 'config.default.php'. Make sure that you adjust config values to match your needs and your database setup.";
 $langSetup["nodbsettings"] = "You must provide your database credentials in 'config.php' file (%s)."; // substitutes variable names
--- a/lang/it.php
+++ b/lang/it.php
@ -34,8 +34,6 @@ $langSetup["setupfailed"] = "Qualcosa è andato storto. Potresti trovare maggior
 $langSetup["welcome"] = "Benvenuto su µlogger!";
 $langSetup["disabledwarn"] = "Per ragioni di sicurezza questo script è disabilitato di default. Per abilitarlo devi modificare il file 'scripts/setup.php' con un editor di testo ed impostare la variabile %s all'inizio del file in %s."; // substitutes variable name and value
 $langSetup["lineshouldread"] = "Linea: %s dovrebbe essere: %s";
 $langSetup["passfuncwarn"] = "La tua versione di PHP non supporta le funzioni per le password di PHP 5.5. Devi includere la libreria password_compat.";
 $langSetup["passfunchack"] = "Modificare il file 'helpers/user.php' e decommentare la linea che include 'helpers/password.php'.";
 $langSetup["dorestart"] = "Riavviare lo script quando hai finito.";
 $langSetup["createconfig"] = "Creare il file 'config.php' nella cartella radice. Puoi cominciare copiando il file 'config.default.php'. Modifica i valori per renderli compatibili con il tuo database.";
 $langSetup["nodbsettings"] = "Devi provvedere le credenziali del database in 'config.php' (%s)."; // substitutes variable names
--- a/lang/nl.php
+++ b/lang/nl.php
@ -34,8 +34,6 @@ $langSetup["setupfailed"] = "Unfortunately something has gone wrong. You may try
 $langSetup["welcome"] = "Welcome to µlogger!";
 $langSetup["disabledwarn"] = "For security reasons this script is disabled by default. To enable it you must edit 'scripts/setup.php' file in text editor and set %s variable at the beginning of the file to %s."; // substitutes variable name and value
 $langSetup["lineshouldread"] = "Line: %s should read: %s";
 $langSetup["passfuncwarn"] = "Your PHP version does not support password functions that ship with PHP 5.5. You have to include password_compat library.";
 $langSetup["passfunchack"] = "Please edit 'helpers/user.php' file and uncomment line including 'helpers/password.php'.";
 $langSetup["dorestart"] = "Please restart this script when you are done.";
 $langSetup["createconfig"] = "Please create 'config.php' file in root folder. You may start by copying it from 'config.default.php'. Make sure that you adjust config values to match your needs and your database setup.";
 $langSetup["nodbsettings"] = "You must provide your database credentials in 'config.php' file (%s)."; // substitutes variable names
--- a/lang/pl.php
+++ b/lang/pl.php
@ -34,8 +34,6 @@ $langSetup["setupfailed"] = "Niestety coś poszło nie tak. Może znajdziesz wi
 $langSetup["welcome"] = "Witaj w µloggerze!";
 $langSetup["disabledwarn"] = "Ze względów bezpieczeństwa ten skrypt jest domyślnie wyłączony. Aby go aktywować należy otworzyć plik 'scripts/setup.php' w edytorze tekstu i zmienić wartość zmiennej %s na początku pliku na %s."; // substitutes variable name and value
 $langSetup["lineshouldread"] = "Linia: %s powinna zostać zmieniona na: %s";
 $langSetup["passfuncwarn"] = "Zainstalowana wersja PHP nie zawiera funkcji obsługujących hasła, dostępnych od wersji PHP 5.5. Musisz włączyć bibliotekę 'password_compat'.";
 $langSetup["passfunchack"] = "Otwórz proszę plik 'helpers/user.php' w edytorze tekstu i odkomentuj linię włączającą 'helpers/password.php'.";
 $langSetup["dorestart"] = "Uruchom ten skrypt ponownie, kiedy zakończysz.";
 $langSetup["createconfig"] = "Utwórz proszę plik 'config.php' w głównym folderze. Możesz skopiować jego początkową zawartość z pliku 'config.default.php'. Pamiętaj, żeby dostosować konfiguracje do swoich potrzeb i ustawień bazy danych.";
 $langSetup["nodbsettings"] = "Musisz skonfigurować parametry dostępu do bazy danych w pliku 'config.php' (%s)."; // substitutes variable names
--- a/lang/ru.php
+++ b/lang/ru.php
@ -34,8 +34,6 @@ $langSetup["setupfailed"] = "К сожалению что-то пошло не
 $langSetup["welcome"] = "Добро пожаловать в µlogger!";
 $langSetup["disabledwarn"] = "По соображениям безопасности этот скрипт отключен по умолчанию. Чтобы включить его вы должны отредактировать файл 'scripts/setup.php' и задать значение переменной %s в начале файла как %s."; // substitutes variable name and value
 $langSetup["lineshouldread"] = "Строка: %s должна читать: %s";
 $langSetup["passfuncwarn"] = "Установленная версия PHP не поддерживает функции паролей доступные с PHP 5.5. Вы должны включить password_compat библиотеку.";
 $langSetup["passfunchack"] = "Пожалуйста измените файл 'helpers/user.php' так, чтобы включить 'helpers/password.php'.";
 $langSetup["dorestart"] = "Пожалуйста перезапустите этот скрипт, когда закончите.";
 $langSetup["createconfig"] = "Пожалуйста создайте файл 'config.php' в корневой директории. Вы можете просто скопировать его с 'config.default.php' и задать ваши параметры для доступа к вашей базе данных.";
 $langSetup["nodbsettings"] = "Вам нужно сконфигурировать доступ к вашей базе данных в 'config.php' (%s)."; // substitutes variable names
--- a/lang/zh.php
+++ b/lang/zh.php
@ -34,8 +34,6 @@ $langSetup["setupfailed"] = "很不幸，出現了一些錯誤。您可以在網
 $langSetup["welcome"] = "歡迎來到µlogger!";
 $langSetup["disabledwarn"] = "由於安全原因這個腳本默認時禁用的。要啟用它，您可以通過編輯 'scripts/setup.php' 把檔案開始部分 %s 的值設置為 %s。"; // substitutes variable name and value
 $langSetup["lineshouldread"] = "行： %s 應該修改為： %s";
 $langSetup["passfuncwarn"] = "您的PHP版本不支援PHP 5.5自帶的密碼函數。您需要引入額外的密碼適配庫。";
 $langSetup["passfunchack"] = "請編輯 'helpers/user.php' 這個檔案，取消引入'helpers/password.php'這一行的注釋。";
 $langSetup["dorestart"] = "完成後請重新執行本腳本。";
 $langSetup["createconfig"] = "請在項目根目錄創建 'config.php' 檔案。 您可以將'config.default.php'複製為'config.php'。請記得修改裡面的數據庫配置和其他你想要修改的項目。";
 $langSetup["nodbsettings"] = "您必須在'config.php' file (%s) 中提供你的數據庫鏈接資料。"; // substitutes variable names
--- a/scripts/setup.php
+++ b/scripts/setup.php
@ -25,8 +25,8 @@ $enabled = false;
 /* no user modifications should be needed below */
 /** @noinspection ConstantCanBeUsedInspection */
-if (version_compare(PHP_VERSION, "5.4.0", "<")) {
+if (version_compare(PHP_VERSION, "5.5.0", "<")) {
-  die("Sorry, ulogger will not work with PHP version lower than 5.4 (you have " . PHP_VERSION . ")");
+  die("Sorry, ulogger will not work with PHP version lower than 5.5 (you have " . PHP_VERSION . ")");
 }
 define("ROOT_DIR", dirname(__DIR__));
@ -112,14 +112,6 @@ switch ($command) {
      $messages[] = "<form method=\"post\" action=\"setup.php\"><button>{$langSetup["restartbutton"]}</button></form>";
      break;
    }
    if (!function_exists("password_hash")) {
      $messages[] = $langSetup["passfuncwarn"];
      $messages[] = $langSetup["passfunchack"];
      $messages[] = sprintf($langSetup["lineshouldread"], "<br><span class=\"warn\">//require_once(ROOT_DIR . \"/helpers/password.php\");</span><br>", "<br><span class=\"ok\">require_once(ROOT_DIR . \"/helpers/password.php\");</span>");
      $messages[] = $langSetup["dorestart"];
      $messages[] = "<form method=\"post\" action=\"setup.php\"><button>{$langSetup["restartbutton"]}</button></form>";
      break;
    }
    if (!uConfig::isFileLoaded()) {
      $messages[] = $langSetup["createconfig"];
      $messages[] = $langSetup["dorestart"];