authorFlorian Pritz <bluewind@xinu.at>2016-04-01 23:19:37 +0200
committerFlorian Pritz <bluewind@xinu.at>2016-04-01 23:19:37 +0200
commit8fab3e4b1fc80b3421623b6b00a7339e9e5e881a (patch)
treedce7e34d990b60f4f31c2384223494ea322fcd6a
parent41d58f68e34e714e6c4cac5176d3fb40b762fa0b (diff)
Support changing password hashing settings
Signed-off-by: Florian Pritz <bluewind@xinu.at>
-rw-r--r--application/config/config.php9
-rw-r--r--application/models/muser.php7
2 files changed, 15 insertions, 1 deletions
diff --git a/application/config/config.php b/application/config/config.php
index 45cff945e..a535c4fea 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -440,6 +440,15 @@ $config['auth_fluxbb'] = array(
'database' => 'fluxbb'
);
+// This is only used if the driver is set to db
+// For information about these values refer to https://secure.php.net/manual/en/function.password-hash.php
+$config['auth_db'] = array(
+ 'hashing_options' => array(
+ 'cost' => 10,
+ ),
+ 'hashing_algorithm' => PASSWORD_DEFAULT,
+);
+
// Possible values: production, development
// "development" enables features like profiling and display of SQL queries.
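Review bot: The new default pairs `'cost' => 10` with `PASSWORD_DEFAULT`, but `cost` is a bcrypt option and `PASSWORD_DEFAULT` is documented as subject to change between PHP releases, so the two settings can drift apart without anyone noticing. The comment above `$config['auth_db']` should state that the options must match the selected algorithm, for example `// 'hashing_options' are algorithm specific ('cost' applies to PASSWORD_BCRYPT); keep them in sync with 'hashing_algorithm'`. Using `PASSWORD_BCRYPT` as the shipped default would make the pairing explicit, at the price of no longer following PHP's default.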
diff --git a/application/models/muser.php b/application/models/muser.php
index ced8c5ca2..852a7c3e3 100644
--- a/application/models/muser.php
+++ b/application/models/muser.php
@@ -14,12 +14,17 @@ class Muser extends CI_Model {
// last level has the most access
private $access_levels = array("basic", "apikey", "full");
+ private $hashalgo;
+ private $hashoptions = array();
+
function __construct()
{
parent::__construct();
$this->load->helper("filebin");
$this->load->driver("duser");
+ $this->hashalgo = $this->config->item('auth_db')['hashing_algorithm'];
+ $this->hashoptions = $this->config->item('auth_db')['hashing_options'];
}
function has_session()
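Review bot: The two added constructor lines index `$this->config->item('auth_db')` without checking that the entry or its keys exist, so a configuration that lacks `auth_db` or overrides only part of it leaves null in `$hashalgo` and `$hashoptions`. Those values go straight into `password_hash()`; as far as I know, PHP 5 and 7 answer an invalid algorithm or options argument with a warning and a null return, which the `$hash === false` check in `hash_password()` would not catch. Falling back to defaults avoids that: `$auth = (array) $this->config->item('auth_db');`, then `$this->hashalgo = isset($auth['hashing_algorithm']) ? $auth['hashing_algorithm'] : PASSWORD_DEFAULT;` and `$this->hashoptions = isset($auth['hashing_options']) ? $auth['hashing_options'] : array();`. The class body continues outside this hunk.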
@@ -258,7 +263,7 @@ class Muser extends CI_Model {
function hash_password($password)
{
- $hash = password_hash($password, PASSWORD_DEFAULT);
+ $hash = password_hash($password, $this->hashalgo, $this->hashoptions);
if ($hash === false) {
throw new \exceptions\ApiException('user/hash_password/failed', "Failed to hash password");
}
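Review bot: Nothing visible in this diff upgrades hashes created under earlier settings, so raising `cost` or switching the algorithm would apply only to passwords set after the change. If the login path does not already do so, it should call `password_needs_rehash($stored_hash, $this->hashalgo, $this->hashoptions)` after a successful `password_verify()` and store a fresh `hash_password()` result when that returns true (`$stored_hash` is a placeholder name). The verification code is outside this hunk, so this needs confirming there; the body of `hash_password()` also continues past the last line shown.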