Use bcrypt to hash passwords

Replace the default hash function used for storing passwords by password_hash() which internally uses bcrypt. Legacy MD5 hashes are still supported and are immediately converted to the new format when a user logs in. Since big parts of the authentication system needed to be rewritten in this context, this patch also includes some simplification and refactoring of all code related to password checking and resetting. Fixes FS#52297. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
author: Lukas Fleischer <lfleischer@archlinux.org> 2017-02-24 19:52:28 +0100
committer: Lukas Fleischer <lfleischer@archlinux.org> 2017-02-24 22:04:49 +0100
commit: 29a48708bb7c3e00e80275a6b898f557f63dff69 (patch)
tree: c1b4f3ec1e5caffaacb796916e5bdb89b5cb19ff /schema
parent: 31754909b1ebbc2a50f1faecbb0cf5058953b840 (diff)
download: aur-29a48708bb7c3e00e80275a6b898f557f63dff69.tar.gz
aur-29a48708bb7c3e00e80275a6b898f557f63dff69.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/schema/aur-schema.sql b/schema/aur-schema.sql
index 99f90834..b75a257c 100644
--- a/schema/aur-schema.sql
+++ b/schema/aur-schema.sql
@@ -27,7 +27,7 @@ CREATE TABLE Users (
 	Username VARCHAR(32) NOT NULL,
 	Email VARCHAR(254) NOT NULL,
 	HideEmail TINYINT UNSIGNED NOT NULL DEFAULT 0,
-	Passwd CHAR(32) NOT NULL,
+	Passwd VARCHAR(255) NOT NULL,
 	Salt CHAR(32) NOT NULL DEFAULT '',
 	ResetKey CHAR(32) NOT NULL DEFAULT '',
 	RealName VARCHAR(64) NOT NULL DEFAULT '',
author	Lukas Fleischer <lfleischer@archlinux.org>	2017-02-24 19:52:28 +0100
committer	Lukas Fleischer <lfleischer@archlinux.org>	2017-02-24 22:04:49 +0100
commit	29a48708bb7c3e00e80275a6b898f557f63dff69 (patch)
tree	c1b4f3ec1e5caffaacb796916e5bdb89b5cb19ff /schema
parent	31754909b1ebbc2a50f1faecbb0cf5058953b840 (diff)
download	aur-29a48708bb7c3e00e80275a6b898f557f63dff69.tar.gz aur-29a48708bb7c3e00e80275a6b898f557f63dff69.tar.xz