fellowgeek · fellowgeek · Aug 5, 2025 · Jul 30, 2025 · Jul 30, 2025 · Jul 31, 2025
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,4 +1,3 @@
-version: '3'
 services:
   web:
     image: nginx:latest

diff --git a/private/PHP-Custom.ini b/private/PHP-Custom.ini
@@ -1,3 +1,9 @@
 memory_limit = 512M
 post_max_size = 128M
 upload_max_filesize = 128M
+
+; Enable display of errors (for development, consider setting to Off in production)
+display_errors = On
+
+; Enable error logging
+log_errors = On
diff --git a/private/PHP.Dockerfile b/private/PHP.Dockerfile
@@ -1,4 +1,4 @@
-FROM php:8.3-fpm
+FROM php:8.4-fpm
 
 # Install system dependencies for GD and other extensions
 RUN apt-get update && apt-get install -y \

diff --git a/public/app/controllers/cAdmin.php b/public/app/controllers/cAdmin.php
@@ -450,7 +450,7 @@ public function createUserRow($request) {
             $checkPasswordSecurity = $this->checkPasswordSecurity($request->payload->PASSWORD);
             if ($checkPasswordSecurity === 'secure') {
                 $request->payload->PASSWORD = password_hash(
-                    $request->payload->PASSWORD,
+                    $request->payload->PASSWORD . __OHCRUD_SECRET__,
                     PASSWORD_BCRYPT,
                     [
                         'cost' => 14

diff --git a/public/app/models/mFiles.php b/public/app/models/mFiles.php
@@ -41,11 +41,12 @@ function __construct() {
                             `ID` int(11) unsigned NOT NULL AUTO_INCREMENT,
                             `NAME` varchar(128) NOT NULL DEFAULT '',
                             `PATH` varchar(256) NOT NULL DEFAULT '',
-                            `SIZE` bigint(20) unsigned NOT NULL DEFAULT '0',
+                            `SIZE` bigint(20) unsigned NOT NULL DEFAULT 0,
                             `TYPE` varchar(32) NOT NULL DEFAULT '',
                             `IP` varchar(32) NOT NULL DEFAULT '',
                             `STATUS` tinyint(1) NOT NULL DEFAULT 0,
                             PRIMARY KEY (`ID`),
+                            UNIQUE KEY `idx_NAME` (`NAME`) USING BTREE,
                             UNIQUE KEY `idx_PATH` (`PATH`) USING BTREE
                             ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
                     ";

diff --git a/public/app/models/mPages.php b/public/app/models/mPages.php
@@ -39,8 +39,8 @@ function __construct() {
                             `URL` varchar(256) NOT NULL DEFAULT '',
                             `TITLE` varchar(256) NOT NULL DEFAULT '',
                             `TEXT` mediumtext NOT NULL,
-                            `GROUP` int(10) unsigned NOT NULL DEFAULT '0',
-                            `PERMISSIONS` int(10) NOT NULL DEFAULT '-1',
+                            `GROUP` int(10) unsigned NOT NULL DEFAULT 0,
+                            `PERMISSIONS` int(10) NOT NULL DEFAULT -1,
                             `THEME` varchar(32) NOT NULL DEFAULT '',
                             `LAYOUT` varchar(32) NOT NULL DEFAULT '',
                             `STATUS` tinyint(1) NOT NULL DEFAULT 0,

diff --git a/public/ohcrud/Users.php b/public/ohcrud/Users.php
@@ -48,12 +48,12 @@ function __construct() {
                         `HASH` varchar(128) NOT NULL DEFAULT '',
                         `PASSWORD` varchar(256) NOT NULL DEFAULT '',
                         `NAME` varchar(64) NOT NULL DEFAULT '',
-                        `GROUP` int(10) unsigned NOT NULL DEFAULT '0',
-                        `PERMISSIONS` int(10) unsigned NOT NULL DEFAULT '0',
+                        `GROUP` int(10) unsigned NOT NULL DEFAULT 0,
+                        `PERMISSIONS` int(10) unsigned NOT NULL DEFAULT 0,
                         `TOKEN` varchar(256) NOT NULL DEFAULT '',
                         `TOTP_SECRET` varchar(256) NOT NULL DEFAULT '',
                         `STATUS` tinyint(1) NOT NULL DEFAULT 0,
-                        `TOTP` int(10) unsigned NOT NULL DEFAULT '0',
+                        `TOTP` int(10) unsigned NOT NULL DEFAULT 0,
                         PRIMARY KEY (`ID`),
                         UNIQUE KEY `idx_USERNAME` (`USERNAME`) USING BTREE,
                         UNIQUE KEY `idx_EMAIL` (`EMAIL`) USING BTREE,
@@ -339,12 +339,8 @@ public function verify($id, $TOTP_CODE) {
 
     // Generate a randomized API token based on the username
     public function generateToken($username) {
-        $randomString = '';
-        $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
-        for($i = 0; $i < 32; $i++) {
-            $randomString .= $characters[rand(0, strlen($characters) - 1)];
-        }
-        return hash('sha1', __OHCRUD_SECRET__ . (isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : PHP_SAPI) . $username . $randomString . time());
+        $randomString = bin2hex(random_bytes(32));
+        return hash('sha1', __OHCRUD_SECRET__ . $username . $randomString . time());
     }
 
 }
diff --git a/public/themes/admin/assets/js/admin.js b/public/themes/admin/assets/js/admin.js
@@ -1589,7 +1589,7 @@ function buildFormFromData(table, columns, elementId, rowData = {}) {
 
     // Function to determine if a field should be readonly
     function isReadonly(column) {
-        return (column.EXTRA === 'auto_increment' || ['CDATE', 'MDATE', 'CUSER', 'MUSER'].includes(column.NAME));
+        return (column.EXTRA === 'auto_increment' || column.PRIMARY_KEY === true || ['CDATE', 'MDATE', 'CUSER', 'MUSER'].includes(column.NAME));
     }
 
     // Function to get field value from row data