author | Denis <d.v.kobozev@gmail.com> | 2010-04-05 15:41:30 +0200 |
---|---|---|
committer | Loui Chang <louipc.ist@gmail.com> | 2010-04-17 22:50:24 +0200 |
commit | 290c436046327d9f04b7d12b5fda19f4dc14f574 (patch) | |
tree | 93c9ca0485e5ffb7d87460fbb78218c5f03e830f /web/lib/aur.inc | |
parent | 5b8b0757f4f938f86bed86ae56fa3511704e006f (diff) | |
download | aur-290c436046327d9f04b7d12b5fda19f4dc14f574.tar.gz aur-290c436046327d9f04b7d12b5fda19f4dc14f574.tar.xz |
Support for storing salted passwords
To upgrade existing databases:
ALTER TABLE Users ADD Salt CHAR(32) NOT NULL DEFAULT '';
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Diffstat (limited to 'web/lib/aur.inc')
-rw-r--r-- | web/lib/aur.inc | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/web/lib/aur.inc b/web/lib/aur.inc
index e0521abc..8ccce897 100644
--- a/web/lib/aur.inc
+++ b/web/lib/aur.inc
@@ -455,3 +455,34 @@ function mkurl($append) {
 return substr($out, 5);
 }
+
+function get_salt($user_id)
+{
+ $dbh = db_connect();
+ $salt_q = "SELECT Salt FROM Users WHERE ID = '$user_id'";
+ $salt_result = mysql_fetch_row(db_query($salt_q, $dbh));
+ return $salt_result[0];
+}
+
+function save_salt($user_id, $passwd)
+{
+ $dbh = db_connect();
+ $salt = generate_salt();
+ $hash = salted_hash($passwd, $salt);
+ $salting_q = "UPDATE Users SET Salt = '$salt'" .
+ ", Passwd = '$hash' WHERE ID = '$user_id'";
+ return db_query($salting_q, $dbh);
+}
+
+function generate_salt()
+{
+ return md5(uniqid(rand(), true));
+}
+
+function salted_hash($passwd, $salt)
+{
+ if (strlen($salt) != 32) {
+ trigger_error('Salt does not look like an md5 hash', E_USER_WARNING);
+ }
+ return md5($salt . $passwd);
+}
|
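Review bot: In `get_salt()` and `save_salt()` the `$user_id` argument is interpolated directly into the query text (`WHERE ID = '$user_id'`), so both helpers are injection-safe only if every caller has already validated it; the callers are outside this hunk, so, assuming Users.ID is numeric, I would add `$user_id = intval($user_id);` as the first line of each function. Separately, `salted_hash()` stores a single round of MD5 (`return md5($salt . $passwd);`): the salt defeats precomputed tables, but a leaked Users table can still be brute-forced at MD5 speed, so a deliberately slow scheme such as `crypt()` with a Blowfish salt would be the stronger choice. `salted_hash()` also only warns when the salt is not 32 characters and then hashes anyway, which together with the `DEFAULT ''` column from the upgrade note means an unsalted row yields plain `md5($passwd)`; a comment stating whether that fallback is intended for legacy accounts would help. `get_salt()` indexes `$salt_result[0]` without checking that `mysql_fetch_row()` returned a row, so an unknown ID falls into that same empty-salt path.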