[SECURITY] keep up with modern password hashing standards

czaks
2016-04-22 05:35:43 +02:00
parent 028fd3df15
commit caaf741691
5 changed files with 87 additions and 21 deletions


@@ -1734,9 +1734,8 @@ function mod_user($uid) {
}
if ($_POST['password'] != '') {
$salt = generate_salt();
$password = hash('sha256', $salt . sha1($_POST['password']));
list($salt, $password) = crypt_password($_POST['password']);
$query = prepare('UPDATE ``mods`` SET `password` = :password, `salt` = :salt WHERE `id` = :id');
$query->bindValue(':id', $uid);
$query->bindValue(':password', $password);
@@ -1761,8 +1760,7 @@ function mod_user($uid) {
if (hasPermission($config['mod']['change_password']) && $uid == $mod['id'] && isset($_POST['password'])) {
if ($_POST['password'] != '') {
$salt = generate_salt();
$password = hash('sha256', $salt . sha1($_POST['password']));
list($salt, $password) = crypt_password($_POST['password']);
$query = prepare('UPDATE ``mods`` SET `password` = :password, `salt` = :salt WHERE `id` = :id');
$query->bindValue(':id', $uid);
@@ -1834,8 +1832,7 @@ function mod_user_new() {
if (!isset($config['mod']['groups'][$type]) || $type == DISABLED)
error(sprintf($config['error']['invalidfield'], 'type'));
$salt = generate_salt();
$password = hash('sha256', $salt . sha1($_POST['password']));
list($salt, $password) = crypt_password($_POST['password']);
$query = prepare('INSERT INTO ``mods`` VALUES (NULL, :username, :password, :salt, :type, :boards)');
$query->bindValue(':username', $_POST['username']);
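Review bot: The new `list($salt, $password) = crypt_password($_POST['password']);` line, used here in mod_user_new and at both password-change sites in mod_user, still writes to the same `salt` and `password` columns that hold the older `hash('sha256', $salt . sha1(...))` values, and nothing at these call sites records which scheme a row uses. crypt_password() is defined outside this section, so a short comment at each site would help, for example `// crypt_password() returns [value stored in the salt column, password hash]; rows written before this change keep the legacy sha256 format`. The login check is not visible here; it presumably has to accept both formats and should re-hash a legacy row after a successful login, otherwise accounts that never change their password stay on the weaker hash. Unlike the two mod_user sites, the mod_user_new hunk shows no `!= ''` guard before hashing, so confirm that an empty password is rejected earlier in that function. All three enclosing functions start and end outside the hunks.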