From 6359259dbb1e8d5b569f569a7089abffd9259d30 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Mon, 1 Mar 2021 15:24:18 +0300
Subject: simplify internal authentication code and bump default algo to
 SSHA-512

---
 classes/auth/base.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'classes/auth')

diff --git a/classes/auth/base.php b/classes/auth/base.php
index f18cc2d2d..9b2f630c0 100644
--- a/classes/auth/base.php
+++ b/classes/auth/base.php
@@ -23,8 +23,8 @@ abstract class Auth_Base extends Plugin implements IAuthModule {
 
 				if (!$password) $password = make_password();
 
-				$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
-				$pwd_hash = encrypt_password($password, $salt, true);
+				$salt = UserHelper::get_salt();
+				$pwd_hash = UserHelper::hash_password($password, $salt, UserHelper::HASH_ALGOS[0]);
 
 				$sth = $this->pdo->prepare("INSERT INTO ttrss_users
 						(login,access_level,last_login,created,pwd_hash,salt)
-- 
cgit v1.2.3