From 29a48708bb7c3e00e80275a6b898f557f63dff69 Mon Sep 17 00:00:00 2001
From: Lukas Fleischer
Date: Fri, 24 Feb 2017 19:52:28 +0100
Subject: Use bcrypt to hash passwords

Replace the default hash function used for storing passwords by password_hash() which internally uses bcrypt. Legacy MD5 hashes are still supported and are immediately converted to the new format when a user logs in. Since big parts of the authentication system needed to be rewritten in this context, this patch also includes some simplification and refactoring of all code related to password checking and resetting. Fixes FS#52297.
Signed-off-by: Lukas Fleischer
---
upgrading/4.5.0.txt | 6 ++++++
1 file changed, 6 insertions(+)
(limited to 'upgrading')
diff --git a/upgrading/4.5.0.txt b/upgrading/4.5.0.txt
index fb0a2993..37b2b810 100644
--- a/upgrading/4.5.0.txt
+++ b/upgrading/4.5.0.txt
@@ -18,3 +18,9 @@ ALTER TABLE Users
 ----
 ALTER TABLE Bans MODIFY IPAddress VARCHAR(45) NULL DEFAULT NULL;
 ----
+
+4. Resize the Passwd column of the Users table:
+
+---
+ALTER TABLE Users MODIFY Passwd VARCHAR(255) NOT NULL;
+---
-- 
cgit v1.2.3-24-g4f1b
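Review bot: Step 4 only widens the column and does not tell the operator that existing hashes stay as they are. Per the commit description, a legacy MD5 hash is converted only when its owner next logs in, so rows for dormant accounts remain MD5 after the upgrade. I would add a line under the statement such as `Note: existing MD5 hashes are kept until each user logs in again; consider forcing a password reset for accounts that stay inactive.` Whether the rest of the commit offers a way to expire those hashes is not visible on this page, which is limited to 'upgrading'. Separately, the new block is fenced with `---` while the steps above it use `----`, so the two added delimiter lines should read `----` to match.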