thooge
/
ipreg
Archived
1
0
Fork 0
Code Pull Requests Packages Projects Releases Activity

Implemented better password hashing algorithm

Browse Source
master
Thomas Hooge 2 years ago
parent c13c7494bf
commit 08c6d42b3c
1 changed files with 32 additions and 22 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 54
      lib/user.class.php

54
lib/user.class.php
Unescape View File

@ -82,34 +82,44 @@
// any users? // any users?
if ($user_counter>0) { if ($user_counter>0) {
// compare passwords // compare passwords
if(!strcmp(md5($user_pass), $users[0]['user_pass'])) { if(!strcmp(md5($user_pass), rtrim($users[0]['user_pass']))) {
// all ok: user is logged in, register session data // all ok: user is logged in
$_SESSION['suser_id'] = $users[0]['user_id'];
$_SESSION['suser_displayname'] = $users[0]['user_displayname']; // md5 match but outdated. rewrite with new algo
$_SESSION['suser_language'] = $users[0]['user_language']; $newhash = password_hash($user_pass, PASSWORD_BCRYPT);
$_SESSION['suser_imagesize'] = $users[0]['user_imagesize']; $query = "UPDATE user SET user_pass='" . $newhash. "' WHERE user_id=" . $users[0]['user_id'];
$_SESSION['suser_imagecount'] = $users[0]['user_imagecount']; $db->db_update($query);
$_SESSION['suser_mac'] = $users[0]['user_mac'];
$_SESSION['suser_dateformat'] = $users[0]['user_dateformat'];
$_SESSION['suser_dns1suffix'] = $users[0]['user_dns1suffix'];
$_SESSION['suser_dns2suffix'] = $users[0]['user_dns2suffix'];
$_SESSION['suser_menu_assets'] = $users[0]['user_menu_assets'];
$_SESSION['suser_menu_assetclasses'] = $users[0]['user_menu_assetclasses'];
$_SESSION['suser_menu_assetclassgroups'] = $users[0]['user_menu_assetclassgroups'];
$_SESSION['suser_menu_locations'] = $users[0]['user_menu_locations'];
$_SESSION['suser_menu_nodes'] = $users[0]['user_menu_nodes'];
$_SESSION['suser_menu_subnets'] = $users[0]['user_menu_subnets'];
$_SESSION['suser_menu_users'] = $users[0]['user_menu_users'];
$_SESSION['suser_menu_vlans'] = $users[0]['user_menu_vlans'];
$_SESSION['suser_menu_zones'] = $users[0]['user_menu_zones'];
$_SESSION['suser_tooltips'] = $users[0]['user_tooltips'];
} else { } else {
return FALSE; if (! password_verify($user_pass, $users[0]['user_pass'])) {
return FALSE;
}
} }
} else { } else {
return FALSE; return FALSE;
} }
// register session data
$_SESSION['suser_id'] = $users[0]['user_id'];
$_SESSION['suser_displayname'] = $users[0]['user_displayname'];
$_SESSION['suser_language'] = $users[0]['user_language'];
$_SESSION['suser_imagesize'] = $users[0]['user_imagesize'];
$_SESSION['suser_imagecount'] = $users[0]['user_imagecount'];
$_SESSION['suser_mac'] = $users[0]['user_mac'];
$_SESSION['suser_dateformat'] = $users[0]['user_dateformat'];
$_SESSION['suser_dns1suffix'] = $users[0]['user_dns1suffix'];
$_SESSION['suser_dns2suffix'] = $users[0]['user_dns2suffix'];
$_SESSION['suser_menu_assets'] = $users[0]['user_menu_assets'];
$_SESSION['suser_menu_assetclasses'] = $users[0]['user_menu_assetclasses'];
$_SESSION['suser_menu_assetclassgroups'] = $users[0]['user_menu_assetclassgroups'];
$_SESSION['suser_menu_locations'] = $users[0]['user_menu_locations'];
$_SESSION['suser_menu_nodes'] = $users[0]['user_menu_nodes'];
$_SESSION['suser_menu_subnets'] = $users[0]['user_menu_subnets'];
$_SESSION['suser_menu_users'] = $users[0]['user_menu_users'];
$_SESSION['suser_menu_vlans'] = $users[0]['user_menu_vlans'];
$_SESSION['suser_menu_zones'] = $users[0]['user_menu_zones'];
$_SESSION['suser_tooltips'] = $users[0]['user_tooltips'];
// no errors found, return // no errors found, return
return TRUE; return TRUE;
} }