diff options
| author | Meik Sievertsen <acydburn@phpbb.com> | 2007-10-04 18:50:25 +0000 |
|---|---|---|
| committer | Meik Sievertsen <acydburn@phpbb.com> | 2007-10-04 18:50:25 +0000 |
| commit | 760fe6bc66cc5571b220e3a80ddc027ad67b86f3 (patch) | |
| tree | 85cc3fdacda920243e9bfad58f9e44d4cd65841a /phpBB/includes/ucp/ucp_profile.php | |
| parent | c2085565789b4a5858ba9bb1189804b731cb2ab4 (diff) | |
| download | forums-760fe6bc66cc5571b220e3a80ddc027ad67b86f3.tar forums-760fe6bc66cc5571b220e3a80ddc027ad67b86f3.tar.gz forums-760fe6bc66cc5571b220e3a80ddc027ad67b86f3.tar.bz2 forums-760fe6bc66cc5571b220e3a80ddc027ad67b86f3.tar.xz forums-760fe6bc66cc5571b220e3a80ddc027ad67b86f3.zip | |
#i42
new password hashing mechanism for storing passwords
git-svn-id: file:///svn/phpbb/trunk@8139 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/ucp/ucp_profile.php')
| -rw-r--r-- | phpBB/includes/ucp/ucp_profile.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index 41eb93ce09..b89af840b6 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -75,13 +75,13 @@ class ucp_profile $error[] = 'NEW_PASSWORD_ERROR'; } - if (($data['new_password'] || ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email']) || ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])) && md5($data['cur_password']) != $user->data['user_password']) + if (($data['new_password'] || ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email']) || ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])) && !phpbb_check_hash($data['cur_password'], $user->data['user_password'])) { $error[] = 'CUR_PASSWORD_ERROR'; } // Only check the new password against the previous password if there have been no errors - if (!sizeof($error) && $auth->acl_get('u_chgpasswd') && $data['new_password'] && md5($data['new_password']) == $user->data['user_password']) + if (!sizeof($error) && $auth->acl_get('u_chgpasswd') && $data['new_password'] && phpbb_check_hash($data['new_password'], $user->data['user_password'])) { $error[] = 'SAME_PASSWORD_ERROR'; } @@ -103,7 +103,7 @@ class ucp_profile 'username_clean' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($data['username']) : $user->data['username_clean'], 'user_email' => ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'], 'user_email_hash' => ($auth->acl_get('u_chgemail')) ? crc32($data['email']) . strlen($data['email']) : $user->data['user_email_hash'], - 'user_password' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? md5($data['new_password']) : $user->data['user_password'], + 'user_password' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? phpbb_hash($data['new_password']) : $user->data['user_password'], 'user_passchg' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? time() : 0, ); @@ -112,7 +112,7 @@ class ucp_profile add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_NAME', $user->data['username'], $data['username']); } - if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && md5($data['new_password']) != $user->data['user_password']) + if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && !phpbb_check_hash($data['new_password'], $user->data['user_password'])) { $user->reset_login_keys(); add_log('user', $user->data['user_id'], 'LOG_USER_NEW_PASSWORD', $data['username']); |