diff options
author | Lukas Fleischer <lfleischer@archlinux.org> | 2017-02-24 19:52:28 +0100 |
---|---|---|
committer | Lukas Fleischer <lfleischer@archlinux.org> | 2017-02-24 22:04:49 +0100 |
commit | 29a48708bb7c3e00e80275a6b898f557f63dff69 (patch) | |
tree | c1b4f3ec1e5caffaacb796916e5bdb89b5cb19ff /web/html | |
parent | 31754909b1ebbc2a50f1faecbb0cf5058953b840 (diff) | |
download | aur-29a48708bb7c3e00e80275a6b898f557f63dff69.tar.gz aur-29a48708bb7c3e00e80275a6b898f557f63dff69.tar.xz |
Use bcrypt to hash passwords
Replace the default hash function used for storing passwords by
password_hash() which internally uses bcrypt. Legacy MD5 hashes are
still supported and are immediately converted to the new format when a
user logs in.
Since big parts of the authentication system needed to be rewritten in
this context, this patch also includes some simplification and
refactoring of all code related to password checking and resetting.
Fixes FS#52297.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Diffstat (limited to 'web/html')
-rw-r--r-- | web/html/passreset.php | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/web/html/passreset.php b/web/html/passreset.php index cb2f6bcd..e89967d4 100644 --- a/web/html/passreset.php +++ b/web/html/passreset.php @@ -34,10 +34,7 @@ if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confir } if (empty($error)) { - $salt = generate_salt(); - $hash = salted_hash($password, $salt); - - $error = password_reset($hash, $salt, $resetkey, $email); + $error = password_reset($password, $resetkey, $email); } } elseif (isset($_POST['email'])) { $email = $_POST['email']; |