diff options
author | Andrew Dolgov <[email protected]> | 2007-09-12 04:56:22 +0100 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2007-09-12 04:56:22 +0100 |
commit | 1a9f4d3c9d7b8147230c0a816a849afdedb54901 (patch) | |
tree | 7c82cfc74e23250f489a083279cb1b5bdc754f75 /functions.php | |
parent | e6684130735a424559212d065654b66fb8c63d70 (diff) |
use login as salt when generating passwords
Diffstat (limited to 'functions.php')
-rw-r--r-- | functions.php | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/functions.php b/functions.php index a237aff5a..362f965a4 100644 --- a/functions.php +++ b/functions.php @@ -1423,16 +1423,18 @@ if (!SINGLE_USER_MODE) { - $pwd_hash = 'SHA1:' . sha1($password); + $pwd_hash1 = encrypt_password($password); + $pwd_hash2 = encrypt_password($password, $login); if ($force_auth && defined('_DEBUG_USER_SWITCH')) { $query = "SELECT id,login,access_level FROM ttrss_users WHERE login = '$login'"; } else { - $query = "SELECT id,login,access_level + $query = "SELECT id,login,access_level,pwd_hash FROM ttrss_users WHERE - login = '$login' AND pwd_hash = '$pwd_hash'"; + login = '$login' AND (pwd_hash = '$pwd_hash1' OR + pwd_hash = '$pwd_hash2')"; } $result = db_query($link, $query); @@ -1449,7 +1451,7 @@ $_SESSION["theme"] = $user_theme; $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"]; - $_SESSION["pwd_hash"] = $pwd_hash; + $_SESSION["pwd_hash"] = db_fetch_result($result, 0, "pwd_hash"); initialize_user_prefs($link, $_SESSION["uid"]); @@ -4766,4 +4768,12 @@ return $url_path; } + function encrypt_password($pass, $login = '') { + if ($login) { + return "SHA1X:" . sha1("$login:$pass"); + } else { + return "SHA1:" . sha1($pass); + } + } + ?> |