use login as salt when generating passwords (2)

author: Andrew Dolgov <[email protected]> 2007-09-12 04:58:05 +0100
committer: Andrew Dolgov <[email protected]> 2007-09-12 04:58:05 +0100
commit: c3a005adbc29424980c04080d8c66359341b6103 (patch)
tree: c656157c51a534430db38070b35c32be435d572b /modules/pref-users.php
parent: 1a9f4d3c9d7b8147230c0a816a849afdedb54901 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/modules/pref-users.php b/modules/pref-users.php
index e554da4cb..fdc6d4952 100644
--- a/modules/pref-users.php
+++ b/modules/pref-users.php
@@ -73,7 +73,7 @@
 				$password = db_escape_string(trim($_GET["password"]));
 
 				if ($password) {
-					$pwd_hash = 'SHA1:' . sha1($password);
+					$pwd_hash = encrypt_password($password, $login);
 					$pass_query_part = "pwd_hash = '$pwd_hash', ";					
 					print_notice(T_sprintf('Changed password of user <b>%s</b>.', $login));
 				} else {
@@ -101,7 +101,7 @@
 
 				$login = db_escape_string(trim($_GET["login"]));
 				$tmp_user_pwd = make_password(8);
-				$pwd_hash = 'SHA1:' . sha1($tmp_user_pwd);
+				$pwd_hash = encrypt_password($tmp_user_pwd, $login);
 
 				$result = db_query($link, "SELECT id FROM ttrss_users WHERE 
 					login = '$login'");
@@ -146,7 +146,7 @@
 				$login = db_fetch_result($result, 0, "login");
 				$email = db_fetch_result($result, 0, "email");
 				$tmp_user_pwd = make_password(8);
-				$pwd_hash = 'SHA1:' . sha1($tmp_user_pwd);
+				$pwd_hash = encrypt_password($tmp_user_pwd, $login);
 
 				db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash'
 					WHERE id = '$uid'");
author	Andrew Dolgov <[email protected]>	2007-09-12 04:58:05 +0100
committer	Andrew Dolgov <[email protected]>	2007-09-12 04:58:05 +0100
commit	c3a005adbc29424980c04080d8c66359341b6103 (patch)
tree	c656157c51a534430db38070b35c32be435d572b /modules/pref-users.php
parent	1a9f4d3c9d7b8147230c0a816a849afdedb54901 (diff)