Use sha256 for password hashing

See moonmoon/moonmoon#10
author: Romain d'Alverny <rdalverny@gmail.com> 2022-01-12 19:42:35 +0100
committer: Romain d'Alverny <rdalverny@gmail.com> 2022-01-12 19:42:35 +0100
commit: ef25d22544d4df97eae819217d841a7a3147c41d (patch)
tree: 205fa5dae346a2cc573a6b102fc99a2af822b865 /admin/changepassword.php
parent: 0b2f80b2504286f0f9b9e1b95db5244d414a6808 (diff)
download: planet-ef25d22544d4df97eae819217d841a7a3147c41d.tar
planet-ef25d22544d4df97eae819217d841a7a3147c41d.tar.gz
planet-ef25d22544d4df97eae819217d841a7a3147c41d.tar.bz2
planet-ef25d22544d4df97eae819217d841a7a3147c41d.tar.xz
planet-ef25d22544d4df97eae819217d841a7a3147c41d.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/admin/changepassword.php b/admin/changepassword.php
index 3b4500e..c1e61ff 100644
--- a/admin/changepassword.php
+++ b/admin/changepassword.php
@@ -4,7 +4,7 @@ require_once __DIR__.'/../app/app.php';
 require_once __DIR__.'/inc/auth.inc.php';
 
 if ($csrf->verify($_POST['_csrf'], 'frmPassword') && isset($_POST['password']) && ('' != $_POST['password'])) {
-    $out = '<?php $login="admin"; $password="'.md5($_POST['password']).'"; ?>';
+    $out = sprintf('<?php $login="admin"; $password="%s"; ?>', hash('sha256', $_POST['password']));
     file_put_contents(__DIR__.'/inc/pwd.inc.php', $out);
     die("Password changed. <a href='administration.php'>Login</a>");
 } else {
author	Romain d'Alverny <rdalverny@gmail.com>	2022-01-12 19:42:35 +0100
committer	Romain d'Alverny <rdalverny@gmail.com>	2022-01-12 19:42:35 +0100
commit	ef25d22544d4df97eae819217d841a7a3147c41d (patch)
tree	205fa5dae346a2cc573a6b102fc99a2af822b865 /admin/changepassword.php
parent	0b2f80b2504286f0f9b9e1b95db5244d414a6808 (diff)
download	planet-ef25d22544d4df97eae819217d841a7a3147c41d.tar planet-ef25d22544d4df97eae819217d841a7a3147c41d.tar.gz planet-ef25d22544d4df97eae819217d841a7a3147c41d.tar.bz2 planet-ef25d22544d4df97eae819217d841a7a3147c41d.tar.xz planet-ef25d22544d4df97eae819217d841a7a3147c41d.zip