From 29a48708bb7c3e00e80275a6b898f557f63dff69 Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <lfleischer@archlinux.org>
Date: Fri, 24 Feb 2017 19:52:28 +0100
Subject: Use bcrypt to hash passwords

Replace the default hash function used for storing passwords by
password_hash() which internally uses bcrypt. Legacy MD5 hashes are
still supported and are immediately converted to the new format when a
user logs in.

Since big parts of the authentication system needed to be rewritten in
this context, this patch also includes some simplification and
refactoring of all code related to password checking and resetting.

Fixes FS#52297.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
---
 schema/aur-schema.sql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'schema/aur-schema.sql')

diff --git a/schema/aur-schema.sql b/schema/aur-schema.sql
index 99f90834..b75a257c 100644
--- a/schema/aur-schema.sql
+++ b/schema/aur-schema.sql
@@ -27,7 +27,7 @@ CREATE TABLE Users (
 	Username VARCHAR(32) NOT NULL,
 	Email VARCHAR(254) NOT NULL,
 	HideEmail TINYINT UNSIGNED NOT NULL DEFAULT 0,
-	Passwd CHAR(32) NOT NULL,
+	Passwd VARCHAR(255) NOT NULL,
 	Salt CHAR(32) NOT NULL DEFAULT '',
 	ResetKey CHAR(32) NOT NULL DEFAULT '',
 	RealName VARCHAR(64) NOT NULL DEFAULT '',
-- 
cgit v1.2.3-24-g4f1b