thooge
/
ipreg
Archived
1
0
Fork 0
Code Pull Requests Packages Projects Releases Activity

Implemented better password hashing algorithm

Browse Source
master
Thomas Hooge 1 year ago
parent c13c7494bf
commit 08c6d42b3c
1 changed files with 32 additions and 22 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 26
      lib/user.class.php

26
lib/user.class.php
Unescape View File

@ -82,8 +82,24 @@
// any users?
if ($user_counter>0) {
// compare passwords
if(!strcmp(md5($user_pass), $users[0]['user_pass'])) {
// all ok: user is logged in, register session data
if(!strcmp(md5($user_pass), rtrim($users[0]['user_pass']))) {
// all ok: user is logged in
// md5 match but outdated. rewrite with new algo
$newhash = password_hash($user_pass, PASSWORD_BCRYPT);
$query = "UPDATE user SET user_pass='" . $newhash. "' WHERE user_id=" . $users[0]['user_id'];
$db->db_update($query);
} else {
if (! password_verify($user_pass, $users[0]['user_pass'])) {
return FALSE;
}
}
} else {
return FALSE;
}
// register session data
$_SESSION['suser_id'] = $users[0]['user_id'];
$_SESSION['suser_displayname'] = $users[0]['user_displayname'];
$_SESSION['suser_language'] = $users[0]['user_language'];
@ -103,12 +119,6 @@
$_SESSION['suser_menu_vlans'] = $users[0]['user_menu_vlans'];
$_SESSION['suser_menu_zones'] = $users[0]['user_menu_zones'];
$_SESSION['suser_tooltips'] = $users[0]['user_tooltips'];
} else {
return FALSE;
}
} else {
return FALSE;
}
// no errors found, return
return TRUE;