From 760fe6bc66cc5571b220e3a80ddc027ad67b86f3 Mon Sep 17 00:00:00 2001
From: Meik Sievertsen <acydburn@phpbb.com>
Date: Thu, 4 Oct 2007 18:50:25 +0000
Subject: #i42 new password hashing mechanism for storing passwords

git-svn-id: file:///svn/phpbb/trunk@8139 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/acp/acp_users.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'phpBB/includes/acp')

diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index a7764a5d6e..237d1ba18b 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -694,7 +694,7 @@ class acp_users
 
 					// Which updates do we need to do?
 					$update_username = ($user_row['username'] != $data['username']) ? $data['username'] : false;
-					$update_password = ($data['new_password'] && $user_row['user_password'] != md5($data['new_password'])) ? true : false;
+					$update_password = ($data['new_password'] && !phpbb_check_hash($user_row['user_password'], $data['new_password'])) ? true : false;
 					$update_email = ($data['email'] != $user_row['user_email']) ? $data['email'] : false;
 
 					if (!sizeof($error))
@@ -766,7 +766,7 @@ class acp_users
 						if ($update_password)
 						{
 							$sql_ary += array(
-								'user_password' => md5($data['new_password']),
+								'user_password' => phpbb_hash($data['new_password']),
 								'user_passchg'	=> time(),
 							);
 
-- 
cgit v1.2.1