perdedora/leftypol
1
0
Fork 0
forked from leftypol/leftypol
Code Pull requests Activity

Long overdue: Salted password hashes

Browse source
This commit is contained in:
Michael Foster 2013-07-24 11:15:55 -04:00
parent 46edec0f2d
commit 31f657e550
4 changed files with 63 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

24
inc/mod/pages.php
View file

@ -1407,9 +1407,13 @@ function mod_user($uid) {
}
if ($_POST['password'] != '') {
$query = prepare('UPDATE `mods` SET `password` = SHA1(:password) WHERE `id` = :id');
$salt = generate_salt();
$password = hash('sha256', $salt . sha1($_POST['password']));
$query = prepare('UPDATE `mods` SET `password` = :password, `salt` = :salt WHERE `id` = :id');
$query->bindValue(':id', $uid);
$query->bindValue(':password', $_POST['password']);
$query->bindValue(':password', $password);
$query->bindValue(':salt', $salt);
$query->execute() or error(db_error($query));
modLog('Changed password for ' . utf8tohtml($_POST['username']) . ' <small>(#' . $user['id'] . ')</small>');
@ -1430,9 +1434,13 @@ function mod_user($uid) {
if (hasPermission($config['mod']['change_password']) && $uid == $mod['id'] && isset($_POST['password'])) {
if ($_POST['password'] != '') {
$query = prepare('UPDATE `mods` SET `password` = SHA1(:password) WHERE `id` = :id');
$salt = generate_salt();
$password = hash('sha256', $salt . sha1($_POST['password']));
$query = prepare('UPDATE `mods` SET `password` = :password, `salt` = :salt WHERE `id` = :id');
$query->bindValue(':id', $uid);
$query->bindValue(':password', $_POST['password']);
$query->bindValue(':password', $password);
$query->bindValue(':salt', $salt);
$query->execute() or error(db_error($query));
modLog('Changed own password');
@ -1494,9 +1502,13 @@ function mod_user_new() {
if ($_POST['type'] !== JANITOR && $_POST['type'] !== MOD && $_POST['type'] !== ADMIN)
error(sprintf($config['error']['invalidfield'], 'type'));
$query = prepare('INSERT INTO `mods` VALUES (NULL, :username, SHA1(:password), :type, :boards)');
$salt = generate_salt();
$password = hash('sha256', $salt . sha1($_POST['password']));
$query = prepare('INSERT INTO `mods` VALUES (NULL, :username, :password, :salt, :type, :boards)');
$query->bindValue(':username', $_POST['username']);
$query->bindValue(':password', $_POST['password']);
$query->bindValue(':password', $password);
$query->bindValue(':salt', $salt);
$query->bindValue(':type', $_POST['type']);
$query->bindValue(':boards', implode(',', $boards));
$query->execute() or error(db_error($query));