author | Andrew Dolgov <[email protected]> | 2007-09-12 04:56:22 +0100 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2007-09-12 04:56:22 +0100 |
commit | 1a9f4d3c9d7b8147230c0a816a849afdedb54901 (patch) | |
tree | 7c82cfc74e23250f489a083279cb1b5bdc754f75 /modules | |
parent | e6684130735a424559212d065654b66fb8c63d70 (diff) |
use login as salt when generating passwords
Diffstat (limited to 'modules')
-rw-r--r-- | modules/pref-prefs.php | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/modules/pref-prefs.php b/modules/pref-prefs.php
index a3132ce4c..6c1934309 100644
--- a/modules/pref-prefs.php
+++ b/modules/pref-prefs.php
@@ -31,8 +31,12 @@
 return;
 }
- $old_pw_hash = 'SHA1:' . sha1($_POST["OLD_PASSWORD"]);
- $new_pw_hash = 'SHA1:' . sha1($_POST["NEW_PASSWORD"]);
+ $old_pw_hash1 = encrypt_password($_POST["OLD_PASSWORD"]);
+ $old_pw_hash2 = encrypt_password($_POST["OLD_PASSWORD"],
+ $_SESSION["name"]);
+
+ $new_pw_hash = encrypt_password($_POST["NEW_PASSWORD"],
+ $_SESSION["name"]);
 $active_uid = $_SESSION["uid"];
@@ -41,8 +45,8 @@
 $login = db_escape_string($_SERVER['PHP_AUTH_USER']);
 $result = db_query($link, "SELECT id FROM ttrss_users WHERE
- id = '$active_uid' AND (pwd_hash = '$old_pw' OR
- pwd_hash = '$old_pw_hash')");
+ id = '$active_uid' AND (pwd_hash = '$old_pw_hash1' OR
+ pwd_hash = '$old_pw_hash2')");
 if (db_num_rows($result) == 1) {
 db_query($link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash' |
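Review bot: Passing `$_SESSION["name"]` as the salt in the `encrypt_password()` calls ties every stored hash to the login, and the salt is a public, fixed value. It stops one precomputed table from serving all accounts, but it does not slow guessing against a single known login, and if the login can be changed elsewhere the stored `pwd_hash` would stop verifying. `encrypt_password()` is defined outside this hunk, so whether it still applies one fast SHA-1 round cannot be confirmed here; if it does, a random per-user salt stored with the hash and an iterated construction would be the stronger design. At minimum, document the coupling at the call site, e.g. `// salt is the login: pwd_hash must be regenerated whenever the login changes`.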
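Review bot: The condition `pwd_hash = '$old_pw_hash1' OR pwd_hash = '$old_pw_hash2'` keeps the unsalted hash valid for as long as a row still holds it, and nothing in the hunk marks that as a migration path. Add a comment above the query such as `// hash1 = legacy unsalted form, accepted only so existing accounts can move to the salted form`. From what is visible, a row is upgraded only when its owner changes the password; whether the login path also rehashes is outside this hunk, so tracking how many unsalted rows remain would show when the first alternative can be dropped. The query and the `if (db_num_rows($result) == 1)` block both continue past the end of the hunk.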