authorAndrew Dolgov <[email protected]>2007-09-12 04:56:22 +0100
committerAndrew Dolgov <[email protected]>2007-09-12 04:56:22 +0100
commit1a9f4d3c9d7b8147230c0a816a849afdedb54901 (patch)
tree7c82cfc74e23250f489a083279cb1b5bdc754f75 /modules/pref-prefs.php
parente6684130735a424559212d065654b66fb8c63d70 (diff)
use login as salt when generating passwords
Diffstat (limited to 'modules/pref-prefs.php')
-rw-r--r--modules/pref-prefs.php12
1 files changed, 8 insertions, 4 deletions
diff --git a/modules/pref-prefs.php b/modules/pref-prefs.php
index a3132ce4c..6c1934309 100644
--- a/modules/pref-prefs.php
+++ b/modules/pref-prefs.php
@@ -31,8 +31,12 @@
return;
}
- $old_pw_hash = 'SHA1:' . sha1($_POST["OLD_PASSWORD"]);
- $new_pw_hash = 'SHA1:' . sha1($_POST["NEW_PASSWORD"]);
+ $old_pw_hash1 = encrypt_password($_POST["OLD_PASSWORD"]);
+ $old_pw_hash2 = encrypt_password($_POST["OLD_PASSWORD"],
+ $_SESSION["name"]);
+
+ $new_pw_hash = encrypt_password($_POST["NEW_PASSWORD"],
+ $_SESSION["name"]);
$active_uid = $_SESSION["uid"];
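Review bot: Salting with `$_SESSION["name"]` in the `$old_pw_hash2` and `$new_pw_hash` calls uses a public, predictable value. It stops two users with the same password from sharing a hash, but it does not slow offline guessing if `encrypt_password()` is still a single SHA1 pass, as the removed `sha1()` lines suggest; the helper is not visible in this hunk. A per-user random salt stored with the hash, or PHP's `password_hash()` / `password_verify()` where the runtime provides them, would address both. The stored hash also becomes tied to the exact login string, so a rename or a case difference between the session value and the stored login would stop the password from verifying. A comment such as `// salt is the login name: renaming a user invalidates pwd_hash` above the call would record that. The enclosing block starts and ends outside the hunk.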
@@ -41,8 +45,8 @@
$login = db_escape_string($_SERVER['PHP_AUTH_USER']);
$result = db_query($link, "SELECT id FROM ttrss_users WHERE
- id = '$active_uid' AND (pwd_hash = '$old_pw' OR
- pwd_hash = '$old_pw_hash')");
+ id = '$active_uid' AND (pwd_hash = '$old_pw_hash1' OR
+ pwd_hash = '$old_pw_hash2')");
if (db_num_rows($result) == 1) {
db_query($link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash'
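Review bot: The rewritten `WHERE` clause no longer accepts `pwd_hash = '$old_pw'`, so any row that still stores the legacy value matched by that branch can no longer pass this check to change its password. If that is intended, a comment such as `// legacy unhashed pwd_hash rows are no longer accepted here` would make it explicit, and `$old_pw`, presumably assigned above the hunk, can be dropped if nothing else reads it. Separately, `$old_pw_hash1`, `$old_pw_hash2` and `$new_pw_hash` are interpolated into the SQL strings without `db_escape_string()`. That is safe only while `encrypt_password()` returns a fixed prefix plus hex digits, which cannot be confirmed from this hunk. The `UPDATE` statement continues past the last visible line.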