MDL-20365 auth_db: Warning users about case sensitive plain passwords

Also, changing returned passwords to lower case when
matching against an md5() string or a sha1() string.
David Monllao 2014-11-27 13:57:06 +08:00
parent bc92aace89
commit c00cbdc784
2 changed files with 9 additions and 2 deletions


@ -127,9 +127,9 @@ class auth_plugin_db extends auth_plugin_base {
if ($this->config->passtype === 'plaintext') {
return ($fromdb == $extpassword);
} else if ($this->config->passtype === 'md5') {
return ($fromdb == md5($extpassword));
return (strtolower($fromdb) == md5($extpassword));
} else if ($this->config->passtype === 'sha1') {
return ($fromdb == sha1($extpassword));
return (strtolower($fromdb) == sha1($extpassword));
} else if ($this->config->passtype === 'saltedcrypt') {
require_once($CFG->libdir.'/password_compat/lib/password.php');
return password_verify($extpassword, $fromdb);
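Review bot: The md5 and sha1 branches still compare the digests with loose `==`, so PHP treats two numeric-looking hex strings (for example ones of the form `0e` followed only by digits) as numbers and can report a match between different hashes. Assuming `$fromdb` is always a string here, the new lines should use strict comparison, `return (strtolower($fromdb) === md5($extpassword));` and `return (strtolower($fromdb) === sha1($extpassword));`. The unchanged plaintext branch `return ($fromdb == $extpassword);` has the same numeric-string behaviour and would benefit from `===` as well. A constant-time comparison such as `hash_equals()` would be preferable where the supported PHP versions provide it; the password_compat include suggests older PHP is still supported, so that needs checking. The enclosing method starts and ends outside this hunk.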

7
auth/db/upgrade.txt Normal file

@ -0,0 +1,7 @@
This files describes API changes in /auth/db/*,
information provided here is intended especially for developers.
=== 2.9 ===
* Plain text password matching is now always case sensitive, it does not
depend on the database sensitiveness anymore.