authorDenis <d.v.kobozev@gmail.com>2010-04-05 15:41:30 +0200
committerLoui Chang <louipc.ist@gmail.com>2010-04-17 22:50:24 +0200
commit290c436046327d9f04b7d12b5fda19f4dc14f574 (patch)
tree93c9ca0485e5ffb7d87460fbb78218c5f03e830f /web/lib/aur.inc
parent5b8b0757f4f938f86bed86ae56fa3511704e006f (diff)
downloadaur-290c436046327d9f04b7d12b5fda19f4dc14f574.tar.gz
aur-290c436046327d9f04b7d12b5fda19f4dc14f574.tar.xz
Support for storing salted passwords
To upgrade existing databases: ALTER TABLE Users ADD Salt CHAR(32) NOT NULL DEFAULT ''; Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Diffstat (limited to 'web/lib/aur.inc')
-rw-r--r--web/lib/aur.inc31
1 files changed, 31 insertions, 0 deletions
diff --git a/web/lib/aur.inc b/web/lib/aur.inc
index e0521abc..8ccce897 100644
--- a/web/lib/aur.inc
+++ b/web/lib/aur.inc
@@ -455,3 +455,34 @@ function mkurl($append) {
return substr($out, 5);
}
+
+function get_salt($user_id)
+{
+ $dbh = db_connect();
+ $salt_q = "SELECT Salt FROM Users WHERE ID = '$user_id'";
+ $salt_result = mysql_fetch_row(db_query($salt_q, $dbh));
+ return $salt_result[0];
+}
+
+function save_salt($user_id, $passwd)
+{
+ $dbh = db_connect();
+ $salt = generate_salt();
+ $hash = salted_hash($passwd, $salt);
+ $salting_q = "UPDATE Users SET Salt = '$salt'" .
+ ", Passwd = '$hash' WHERE ID = '$user_id'";
+ return db_query($salting_q, $dbh);
+}
+
+function generate_salt()
+{
+ return md5(uniqid(rand(), true));
+}
+
+function salted_hash($passwd, $salt)
+{
+ if (strlen($salt) != 32) {
+ trigger_error('Salt does not look like an md5 hash', E_USER_WARNING);
+ }
+ return md5($salt . $passwd);
+}
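Review bot: salted_hash() stores `md5($salt . $passwd)`, a single round of a fast hash, so a leaked Users table can still be brute-forced at very high rates even with a per-user salt. A deliberately slow password hash (bcrypt through `crypt()`, or `password_hash()` where the PHP version provides it) would fit better here, with the Salt and Passwd columns resized to match. In get_salt() and save_salt(), `$user_id` is interpolated straight into the query string; unless every caller already guarantees an integer, which this hunk does not show, cast it first with `$user_id = intval($user_id);`. generate_salt() builds the salt from `rand()` and `uniqid()`, both predictable; a salt needs uniqueness more than secrecy, but an OS-backed random source is the safer default. get_salt() also indexes `$salt_result[0]` without checking that a row was returned, so an unknown ID silently yields an empty salt.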