From ba9c11dce576becf8669a11519d69322066444c4 Mon Sep 17 00:00:00 2001
From: Florian Pritz <bluewind@xinu.at>
Date: Wed, 11 Apr 2012 13:55:09 +0200
Subject: Use phpass for password hashing

The current implementation sometimes failed to generate valid hashes
(had something to do with the random salt).

Signed-off-by: Florian Pritz <bluewind@xinu.at>
---
 application/models/muser.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'application/models/muser.php')

diff --git a/application/models/muser.php b/application/models/muser.php
index 10d67e18f..532fdeb1a 100644
--- a/application/models/muser.php
+++ b/application/models/muser.php
@@ -78,8 +78,11 @@ class Muser extends CI_Model {
 
 	function hash_password($password)
 	{
-		$salt = random_alphanum(22);
-		return crypt($password, "$2a$09$$salt$");
+
+		require_once APPPATH."third_party/PasswordHash.php";
+
+		$hasher = new PasswordHash(9, false);
+		return $hasher->HashPassword($password);
 	}
 
 }
-- 
cgit v1.2.3-24-g4f1b