Changeset 18889 for trunk/admin


Timestamp:
Nov 2, 2012, 2:59:07 PM (11 years ago)
Author:
plg
Message:

feature 2727: improve password security with the use of PasswordHash class.
This class performs salt and multiple iterations. Already used in Wordpress,
Drupal, phpBB and many other web applications.

$conf['pass_convert'] is replaced by $conf['password_hash'] + $conf['password_verify']

File:
1 edited

  • trunk/admin/include/functions_upgrade.php

    r15678 r18889  
    248248  $row = pwg_db_fetch_assoc(pwg_query($query));
    249249
    250   if (!isset($conf['pass_convert']))
    251   {
    252     $conf['pass_convert'] = create_function('$s', 'return md5($s);');
    253   }
    254 
    255   if ($row['password'] != $conf['pass_convert']($password))
     250  if (!$conf['password_verify']($password, $row['password']))
    256251  {
    257252    array_push($page['errors'], l10n('Invalid password!'));
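
Review bot: the new call at line 250, `if (!$conf['password_verify']($password, $row['password']))`, no longer has the `isset` fallback that the removed lines 250-253 provided for `$conf['pass_convert']`, so if this upgrade code runs with a configuration that does not define `$conf['password_verify']`, the call fails with a fatal error instead of reaching the 'Invalid password!' branch. Either keep a guard that checks the key is set and callable before invoking it, or add a comment stating where the default is guaranteed to be loaded before this point. Separately, the removed default was `md5($s)`, so `$row['password']` on an installation being upgraded may still hold an unsalted MD5 value. The hunk does not show whether the verify callback accepts those legacy hashes, and since this check gates the upgrade, that behaviour should be documented here and covered by a test.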