mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 14:00:31 +02:00
Code Issues Releases Wiki Activity

#i42

Browse Source 
new password hashing mechanism for storing passwords


git-svn-id: file:///svn/phpbb/trunk@8139 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
2007-10-04 18:50:25 +00:00
parent c208556578
commit 760fe6bc66
13 changed files with 1491 additions and 1219 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
phpBB/includes/ucp/ucp_profile.php
View File

@@ -75,13 +75,13 @@ class ucp_profile
$error[] = 'NEW_PASSWORD_ERROR';
}
if (($data['new_password'] || ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email']) || ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])) && md5($data['cur_password']) != $user->data['user_password'])
if (($data['new_password'] || ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email']) || ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])) && !phpbb_check_hash($data['cur_password'], $user->data['user_password']))
{
$error[] = 'CUR_PASSWORD_ERROR';
}
// Only check the new password against the previous password if there have been no errors
if (!sizeof($error) && $auth->acl_get('u_chgpasswd') && $data['new_password'] && md5($data['new_password']) == $user->data['user_password'])
if (!sizeof($error) && $auth->acl_get('u_chgpasswd') && $data['new_password'] && phpbb_check_hash($data['new_password'], $user->data['user_password']))
{
$error[] = 'SAME_PASSWORD_ERROR';
}
@@ -103,7 +103,7 @@ class ucp_profile
'username_clean' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($data['username']) : $user->data['username_clean'],
'user_email' => ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'],
'user_email_hash' => ($auth->acl_get('u_chgemail')) ? crc32($data['email']) . strlen($data['email']) : $user->data['user_email_hash'],
'user_password' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? md5($data['new_password']) : $user->data['user_password'],
'user_password' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? phpbb_hash($data['new_password']) : $user->data['user_password'],
'user_passchg' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? time() : 0,
);
@@ -112,7 +112,7 @@ class ucp_profile
add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_NAME', $user->data['username'], $data['username']);
}
if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && md5($data['new_password']) != $user->data['user_password'])
if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && !phpbb_check_hash($data['new_password'], $user->data['user_password']))
{
$user->reset_login_keys();
add_log('user', $user->data['user_id'], 'LOG_USER_NEW_PASSWORD', $data['username']);

2
phpBB/includes/ucp/ucp_register.php
View File

@@ -300,7 +300,7 @@ class ucp_register
$user_row = array(
'username' => $data['username'],
'user_password' => md5($data['new_password']),
'user_password' => phpbb_hash($data['new_password']),
'user_email' => $data['email'],
'group_id' => (int) $group_id,
'user_timezone' => (float) $data['tz'],

2
phpBB/includes/ucp/ucp_remind.php
View File

@@ -67,7 +67,7 @@ class ucp_remind
$user_password = gen_rand_string(8);
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_newpasswd = '" . $db->sql_escape(md5($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "'
SET user_newpasswd = '" . $db->sql_escape(phpbb_hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "'
WHERE user_id = " . $user_row['user_id'];
$db->sql_query($sql);