mirror of
https://github.com/Piwigo/Piwigo.git
synced 2026-07-07 02:11:26 +02:00
feature 2727: improve password security with the use of PasswordHash class.
This class performs salt and multiple iterations. Already used in Wordpress, Drupal, phpBB and many other web applications. $conf['pass_convert'] is replaced by $conf['password_hash'] + $conf['password_verify'] git-svn-id: http://piwigo.org/svn/trunk@18889 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
@@ -247,12 +247,7 @@ WHERE '.$conf['user_fields']['username'].'=\''.$username.'\'
|
||||
}
|
||||
$row = pwg_db_fetch_assoc(pwg_query($query));
|
||||
|
||||
if (!isset($conf['pass_convert']))
|
||||
{
|
||||
$conf['pass_convert'] = create_function('$s', 'return md5($s);');
|
||||
}
|
||||
|
||||
if ($row['password'] != $conf['pass_convert']($password))
|
||||
if (!$conf['password_verify']($password, $row['password']))
|
||||
{
|
||||
array_push($page['errors'], l10n('Invalid password!'));
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user