Diffstat (limited to 'admin/login.php')
-rwxr-xr-x | admin/login.php | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/admin/login.php b/admin/login.php
index 618cfb9..2f3d977 100755
--- a/admin/login.php
+++ b/admin/login.php
@@ -4,7 +4,21 @@ require_once __DIR__ . '/../app/app.php';
 if (isset($_POST['password'])) {
 session_regenerate_id();
- setcookie('auth', md5($_POST['password']));
+
+ $hash_pwd = hash('sha256', $_POST['password']);
+
+ // check if old moonmoon was installed and convert stored password
+ // from md5 to current hash function
+ $md5_pwd = md5($_POST['password']);
+ $passfile = dirname(__FILE__) . '/inc/pwd.inc.php';
+ include($passfile);
+
+ if ($md5_pwd == $password) {
+ error_log("Migrating password from md5 to sha256");
+ file_put_contents($passfile, sprintf('<?php $login="admin"; $password="%s"; ?>', $hash_pwd));
+ }
+
+ setcookie('auth', $hash_pwd);
 header('Location: index.php');
 }
|
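Review bot: The migration check `if ($md5_pwd == $password)` compares two hex digests with loose `==`, so PHP treats digests that both look like numeric strings (for example the `0e<digits>` form) as equal numbers, and the comparison is not constant-time. It also reads `$password` without checking that the include defined it. I would change the line to `if (isset($password) && hash_equals($password, $md5_pwd)) {`. The return value of `file_put_contents()` is ignored, so a failed write leaves the md5 value on disk while the `auth` cookie already carries the sha256 value; check for `=== false` and log it. Separately, the `auth` cookie is still the unsalted hash of the password, so the stored value and the cookie are interchangeable credentials and the digest is cheap to brute-force. Moving to `password_hash()`/`password_verify()` with a random session token in the cookie, set with the `httponly` and `secure` options, would close that, though it needs changes to the checking code, which is not visible in this hunk.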