diff options
| author | Frank Karlitschek <frank@owncloud.org> | 2012-06-08 14:31:37 +0400 |
|---|---|---|
| committer | Frank Karlitschek <frank@owncloud.org> | 2012-06-08 14:31:37 +0400 |
| commit | 6119f05ac015b71d94318bf759b4fcaefe4650af (patch) | |
| tree | d4289faaa92a83da055dfdc24e4ba2737d62263f /lib/user | |
| parent | 4d3b7574f3dcab1c79c27e93122dcc7d1ac103b2 (diff) | |
generate a random salt during installation and store it in the config.php. use it to salt the password hashing.
Diffstat (limited to 'lib/user')
| -rw-r--r-- | lib/user/database.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/user/database.php b/lib/user/database.php index 769ba6a7920..bb077c8364f 100644 --- a/lib/user/database.php +++ b/lib/user/database.php @@ -69,7 +69,7 @@ class OC_User_Database extends OC_User_Backend { return false; }else{ $hasher=$this->getHasher(); - $hash = $hasher->HashPassword($password); + $hash = $hasher->HashPassword($password.OC_Config::getValue('passwordsalt', '')); $query = OC_DB::prepare( "INSERT INTO `*PREFIX*users` ( `uid`, `password` ) VALUES( ?, ? )" ); $result = $query->execute( array( $uid, $hash)); @@ -102,7 +102,7 @@ class OC_User_Database extends OC_User_Backend { public function setPassword( $uid, $password ){ if( $this->userExists($uid) ){ $hasher=$this->getHasher(); - $hash = $hasher->HashPassword($password); + $hash = $hasher->HashPassword($password.OC_Config::getValue('passwordsalt', '')); $query = OC_DB::prepare( "UPDATE *PREFIX*users SET password = ? WHERE uid = ?" ); $result = $query->execute( array( $hash, $uid )); @@ -131,7 +131,7 @@ class OC_User_Database extends OC_User_Backend { $storedHash=$row['password']; if (substr($storedHash,0,1)=='$'){//the new phpass based hashing $hasher=$this->getHasher(); - if($hasher->CheckPassword($password, $storedHash)){ + if($hasher->CheckPassword($password.OC_Config::getValue('passwordsalt', ''), $storedHash)){ return $row['uid']; }else{ return false; |