Long overdue: Salted password hashes

Michael Foster 2013-07-24 11:15:55 -04:00
parent 46edec0f2d
commit 31f657e550
4 changed files with 63 additions and 23 deletions


@ -1,7 +1,7 @@
<?php
// Installation/upgrade file
define('VERSION', 'v0.9.6-dev-8');
define('VERSION', 'v0.9.6-dev-9');
require 'inc/functions.php';
@ -229,6 +229,25 @@ if (file_exists($config['has_installed'])) {
}
case 'v0.9.6-dev-7':
query("ALTER TABLE `bans` ADD `seen` BOOLEAN NOT NULL") or error(db_error());
case 'v0.9.6-dev-8':
query("ALTER TABLE `mods` CHANGE `password` `password` CHAR( 64 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT 'SHA256'") or error(db_error());
query("ALTER TABLE `mods` ADD `salt` CHAR( 32 ) NOT NULL AFTER `password`") or error(db_error());
$query = query("SELECT `id`,`password` FROM `mods`") or error(db_error());
while ($user = $query->fetch(PDO::FETCH_ASSOC)) {
if (strlen($user['password']) == 40) {
mt_srand(microtime(true) * 100000 + memory_get_usage(true));
$salt = md5(uniqid(mt_rand(), true));
$user['salt'] = $salt;
$user['password'] = hash('sha256', $user['salt'] . $user['password']);
$_query = prepare("UPDATE `mods` SET `password` = :password, `salt` = :salt WHERE `id` = :id");
$_query->bindValue(':username', $user['id']);
$_query->bindValue(':password', $user['password']);
$_query->bindValue(':salt', $user['salt']);
$_query->execute() or error(db_error($_query));
}
}
case false:
// Update version number
file_write($config['has_installed'], VERSION);
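Review bot: The UPDATE prepared in the new `case 'v0.9.6-dev-8'` block names a `:id` placeholder but the line after it binds `:username`, so `:id` is never bound and execute() should fail with PDO's invalid-parameter error, aborting the migration via error(db_error($_query)) on the first legacy user; the fix is `$_query->bindValue(':id', $user['id']);`. Separately, the salt is derived from mt_rand() after reseeding with microtime() and memory usage, which is not a cryptographic source, so the resulting 32-character salt is far more predictable than its length suggests; where the runtime provides one, take the salt bytes from a CSPRNG (`openssl_random_pseudo_bytes`, or `random_bytes` on PHP 7+) and hex-encode them instead. The `switch` that these `case` labels belong to, and the enclosing upgrade block, start outside the hunk.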