author | Florian Pritz <bluewind@xinu.at> | 2016-04-01 23:19:37 +0200 |
---|---|---|
committer | Florian Pritz <bluewind@xinu.at> | 2016-04-01 23:19:37 +0200 |
commit | 8fab3e4b1fc80b3421623b6b00a7339e9e5e881a (patch) | |
tree | dce7e34d990b60f4f31c2384223494ea322fcd6a | |
parent | 41d58f68e34e714e6c4cac5176d3fb40b762fa0b (diff) |
Support changing password hashing settings
Signed-off-by: Florian Pritz <bluewind@xinu.at>
-rw-r--r-- | application/config/config.php | 9 | ||||
-rw-r--r-- | application/models/muser.php | 7 |
2 files changed, 15 insertions, 1 deletions
diff --git a/application/config/config.php b/application/config/config.php
index 45cff945e..a535c4fea 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -440,6 +440,15 @@ $config['auth_fluxbb'] = array(
 'database' => 'fluxbb'
 );
+// This is only used if the driver is set to db
+// For information about these values refer to https://secure.php.net/manual/en/function.password-hash.php
+$config['auth_db'] = array(
+ 'hashing_options' => array(
+ 'cost' => 10,
+ ),
+ 'hashing_algorithm' => PASSWORD_DEFAULT,
+);
+
 // Possible values: production, development
 // "development" enables features like profiling and display of SQL queries.
diff --git a/application/models/muser.php b/application/models/muser.php
index ced8c5ca2..852a7c3e3 100644
--- a/application/models/muser.php
+++ b/application/models/muser.php
@@ -14,12 +14,17 @@ class Muser extends CI_Model {
 // last level has the most access
 private $access_levels = array("basic", "apikey", "full");
+ private $hashalgo;
+ private $hashoptions = array();
+
 function __construct()
 {
 parent::__construct();
 $this->load->helper("filebin");
 $this->load->driver("duser");
+ $this->hashalgo = $this->config->item('auth_db')['hashing_algorithm'];
+ $this->hashoptions = $this->config->item('auth_db')['hashing_options'];
 }
 function has_session()
@@ -258,7 +263,7 @@ class Muser extends CI_Model {
 function hash_password($password)
 {
- $hash = password_hash($password, PASSWORD_DEFAULT);
+ $hash = password_hash($password, $this->hashalgo, $this->hashoptions);
 if ($hash === false) {
 throw new \exceptions\ApiException('user/hash_password/failed', "Failed to hash password");
 } |
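Review bot: The comment above `$config['auth_db']` in config.php does not say that `'cost'` is a bcrypt option, while `PASSWORD_DEFAULT` is allowed to resolve to a different algorithm in a later PHP release, so the two settings can drift apart without the operator noticing. I would either pin the shipped default to `PASSWORD_BCRYPT` or extend the comment, e.g. `// 'cost' applies to bcrypt only; change hashing_options together with hashing_algorithm`. The comment should also state that new values affect only passwords hashed after the change. Whether stored hashes are upgraded at login (for example with `password_needs_rehash()`) is not visible in this diff.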
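Review bot: In `Muser::__construct()` both new assignments index the result of `$this->config->item('auth_db')` directly, so a deployment whose effective config has no `auth_db` entry, or only one of its two keys, ends up with null in `$hashalgo` and `$hashoptions`, and the `array()` default declared on `$hashoptions` is overwritten. That null then reaches `password_hash()` in `hash_password()`. Reading the item once and falling back keeps older configs working: `$auth_db = $this->config->item('auth_db');` then `$this->hashalgo = isset($auth_db['hashing_algorithm']) ? $auth_db['hashing_algorithm'] : PASSWORD_DEFAULT;`, and the same pattern with `array()` for `hashing_options`. How config files are merged is outside this hunk, so the keys may already be guaranteed elsewhere.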
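Review bot: The failure check after the changed `password_hash()` call in `hash_password()` tests only `$hash === false`, which may miss the failures that configurable settings now make realistic. With the algorithm and options coming from config, an unknown algorithm constant or an out-of-range `cost` can occur, and on PHP versions of this era I believe those cases emit a warning and return null rather than false. A null would pass the check and be handed on as if it were a hash. `if (!is_string($hash)) {` covers both outcomes. The rest of `hash_password()` lies outside the hunk, so what the caller does with the return value is not visible here.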