authorDenis <d.v.kobozev@gmail.com>2010-04-05 15:41:30 +0200
committerLoui Chang <louipc.ist@gmail.com>2010-04-17 22:50:24 +0200
commit290c436046327d9f04b7d12b5fda19f4dc14f574 (patch)
tree93c9ca0485e5ffb7d87460fbb78218c5f03e830f /web/html/passreset.php
parent5b8b0757f4f938f86bed86ae56fa3511704e006f (diff)
Support for storing salted passwords
To upgrade existing databases: ALTER TABLE Users ADD Salt CHAR(32) NOT NULL DEFAULT ''; Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Diffstat (limited to 'web/html/passreset.php')
-rw-r--r--web/html/passreset.php5
1 files changed, 4 insertions, 1 deletions
diff --git a/web/html/passreset.php b/web/html/passreset.php
index 6fbd1caa..0f98593d 100644
--- a/web/html/passreset.php
+++ b/web/html/passreset.php
@@ -31,10 +31,13 @@ if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confir
if (empty($error)) {
$dbh = db_connect();
+ $salt = generate_salt();
+ $hash = salted_hash($password, $salt);
# The query below won't affect any records unless the ResetKey
# and Email combination is correct and ResetKey is nonempty
$q = "UPDATE Users
- SET Passwd = '".md5($password)."',
+ SET Passwd = '$hash',
+ Salt = '$salt',
ResetKey = ''
WHERE ResetKey != ''
AND ResetKey = '".mysql_real_escape_string($resetkey)."'