ease the migration process for the previous security patch (by introducing another migration); restore php 5.4 compatibility (introducing a polyfill system)

inc/mod/auth.php

@@ -76,20 +76,20 @@ function generate_salt() {
 function login($username, $password) {
 	global $mod, $config;
 	
-	$query = prepare("SELECT `id`, `type`, `boards`, `password`, `salt` FROM ``mods`` WHERE `username` = :username");
+	$query = prepare("SELECT `id`, `type`, `boards`, `password`, `version` FROM ``mods`` WHERE `username` = :username");
 	$query->bindValue(':username', $username);
 	$query->execute() or error(db_error($query));
 	
 	if ($user = $query->fetch(PDO::FETCH_ASSOC)) {
-		list($version, $ok) = test_password($user['password'], $user['salt'], $password);
+		list($version, $ok) = test_password($user['password'], $user['version'], $password);
 
 		if ($ok) {
 			if ($config['password_crypt_version'] > $version) {
 				// It's time to upgrade the password hashing method!
-				list ($user['salt'], $user['password']) = crypt_password($password);
-				$query = prepare("UPDATE ``mods`` SET `password` = :password, `salt` = :salt WHERE `id` = :id");
+				list ($user['version'], $user['password']) = crypt_password($password);
+				$query = prepare("UPDATE ``mods`` SET `password` = :password, `version` = :version WHERE `id` = :id");
 				$query->bindValue(':password', $user['password']);
-				$query->bindValue(':salt', $user['salt']);
+				$query->bindValue(':version', $user['version']);
 				$query->bindValue(':id', $user['id']);
 				$query->execute() or error(db_error($query));
 			}

inc/mod/pages.php

@@ -1734,12 +1734,12 @@ function mod_user($uid) {
 		}
 		
 		if ($_POST['password'] != '') {
-			list($salt, $password) = crypt_password($_POST['password']);
+			list($version, $password) = crypt_password($_POST['password']);
 
-			$query = prepare('UPDATE ``mods`` SET `password` = :password, `salt` = :salt WHERE `id` = :id');
+			$query = prepare('UPDATE ``mods`` SET `password` = :password, `version` = :version WHERE `id` = :id');
 			$query->bindValue(':id', $uid);
 			$query->bindValue(':password', $password);
-			$query->bindValue(':salt', $salt);
+			$query->bindValue(':version', $version);
 			$query->execute() or error(db_error($query));
 			
 			modLog('Changed password for ' . utf8tohtml($_POST['username']) . ' <small>(#' . $user['id'] . ')</small>');
@@ -1760,12 +1760,12 @@ function mod_user($uid) {
 	
 	if (hasPermission($config['mod']['change_password']) && $uid == $mod['id'] && isset($_POST['password'])) {
 		if ($_POST['password'] != '') {
-			list($salt, $password) = crypt_password($_POST['password']);
+			list($version, $password) = crypt_password($_POST['password']);
 
-			$query = prepare('UPDATE ``mods`` SET `password` = :password, `salt` = :salt WHERE `id` = :id');
+			$query = prepare('UPDATE ``mods`` SET `password` = :password, `version` = :version WHERE `id` = :id');
 			$query->bindValue(':id', $uid);
 			$query->bindValue(':password', $password);
-			$query->bindValue(':salt', $salt);
+			$query->bindValue(':version', $version);
 			$query->execute() or error(db_error($query));
 			
 			modLog('Changed own password');
@@ -1832,12 +1832,12 @@ function mod_user_new() {
 		if (!isset($config['mod']['groups'][$type]) || $type == DISABLED)
 			error(sprintf($config['error']['invalidfield'], 'type'));
 		
-		list($salt, $password) = crypt_password($_POST['password']);
+		list($version, $password) = crypt_password($_POST['password']);
 		
-		$query = prepare('INSERT INTO ``mods`` VALUES (NULL, :username, :password, :salt, :type, :boards)');
+		$query = prepare('INSERT INTO ``mods`` VALUES (NULL, :username, :password, :version, :type, :boards)');
 		$query->bindValue(':username', $_POST['username']);
 		$query->bindValue(':password', $password);
-		$query->bindValue(':salt', $salt);
+		$query->bindValue(':version', $version);
 		$query->bindValue(':type', $type);
 		$query->bindValue(':boards', implode(',', $boards));
 		$query->execute() or error(db_error($query));