From 8fab3e4b1fc80b3421623b6b00a7339e9e5e881a Mon Sep 17 00:00:00 2001
From: Florian Pritz
Date: Fri, 1 Apr 2016 23:19:37 +0200
Subject: Support changing password hashing settings
Signed-off-by: Florian Pritz
---
 application/config/config.php | 9 +++++++++
 application/models/muser.php | 7 ++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/application/config/config.php b/application/config/config.php
index 45cff945e..a535c4fea 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -440,6 +440,15 @@ $config['auth_fluxbb'] = array( 'database' => 'fluxbb' );
+// This is only used if the driver is set to db
+// For information about these values refer to https://secure.php.net/manual/en/function.password-hash.php
+$config['auth_db'] = array(
+ 'hashing_options' => array(
+ 'cost' => 10,
+ ),
+ 'hashing_algorithm' => PASSWORD_DEFAULT,
+);
+
 // Possible values: production, development // "development" enables features like profiling and display of SQL queries.
diff --git a/application/models/muser.php b/application/models/muser.php
index ced8c5ca2..852a7c3e3 100644
--- a/application/models/muser.php
+++ b/application/models/muser.php
@@ -14,12 +14,17 @@ class Muser extends CI_Model { // last level has the most access private $access_levels = array("basic", "apikey", "full");
+ private $hashalgo;
+ private $hashoptions = array();
+
 function __construct() { parent::__construct(); $this->load->helper("filebin"); $this->load->driver("duser");
+ $this->hashalgo = $this->config->item('auth_db')['hashing_algorithm'];
+ $this->hashoptions = $this->config->item('auth_db')['hashing_options'];
 } function has_session()
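Review bot: The new `auth_db` block pairs `'cost' => 10` with `PASSWORD_DEFAULT`, but `cost` is a bcrypt option while `PASSWORD_DEFAULT` is documented as free to move to another algorithm in a later PHP release, so the two settings can silently stop matching. Either pin `'hashing_algorithm' => PASSWORD_BCRYPT` whenever a cost is configured, or extend the comment above the array, for example `// 'cost' applies to bcrypt only; the options must match the chosen algorithm`. The comment could also tell operators that a changed value only affects passwords hashed afterwards; whether the login path upgrades older hashes with `password_needs_rehash()` is not visible in this diff.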
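Review bot: The two added constructor lines index `$this->config->item('auth_db')` without checking that the item exists, so a config file that predates this commit leaves `$hashalgo` and `$hashoptions` empty and `hash_password()` then hands those values to `password_hash()`. Reading the item once and falling back keeps such installs hashing as before: `$cfg = $this->config->item('auth_db');`, `$this->hashalgo = isset($cfg['hashing_algorithm']) ? $cfg['hashing_algorithm'] : PASSWORD_DEFAULT;`, `$this->hashoptions = isset($cfg['hashing_options']) ? $cfg['hashing_options'] : array();`. What `item()` returns for a missing key depends on the CodeIgniter version, which is not visible here. The class body starts and ends outside the hunk.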
@@ -258,7 +263,7 @@ class Muser extends CI_Model { function hash_password($password) {
- $hash = password_hash($password, PASSWORD_DEFAULT);
+ $hash = password_hash($password, $this->hashalgo, $this->hashoptions);
 if ($hash === false) { throw new \exceptions\ApiException('user/hash_password/failed', "Failed to hash password"); }
-- cgit v1.2.3-24-g4f1b
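Review bot: The failure check that follows the changed call, `if ($hash === false)`, only catches a strict `false`, and now that the algorithm and options come from configuration a bad value becomes a reachable failure path. As far as I recall, PHP releases of this period return `null` with a warning for an unknown algorithm or an out-of-range cost, which would pass this check and continue as if it were a valid hash. Testing the type is safer: `if (!is_string($hash) || $hash === '') {`. The rest of hash_password() lies outside the hunk, so what is done with `$hash` afterwards is not visible.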