authorplegall <plg@piwigo.org>2012-11-02 13:59:07 +0000
committerplegall <plg@piwigo.org>2012-11-02 13:59:07 +0000
commita73846717f5c884e0eef0b5591ff7ad374375a0b (patch)
treea8e52d992545558cbacacf50e704a332a80c9810 /admin/include/functions_upgrade.php
parent805ce4bb02c9e3114c76841db75c23a59d17a3c4 (diff)
feature 2727: improve password security with the use of PasswordHash class.
This class applies a salt and multiple iterations. It is already used in WordPress, Drupal, phpBB and many other web applications. $conf['pass_convert'] is replaced by $conf['password_hash'] + $conf['password_verify']
git-svn-id: http://piwigo.org/svn/trunk@18889 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin/include/functions_upgrade.php')
-rw-r--r--admin/include/functions_upgrade.php7
1 files changed, 1 insertions, 6 deletions
diff --git a/admin/include/functions_upgrade.php b/admin/include/functions_upgrade.php
index a5b3f7e5a..35e45b032 100644
--- a/admin/include/functions_upgrade.php
+++ b/admin/include/functions_upgrade.php
@@ -247,12 +247,7 @@ WHERE '.$conf['user_fields']['username'].'=\''.$username.'\'
}
$row = pwg_db_fetch_assoc(pwg_query($query));
- if (!isset($conf['pass_convert']))
- {
- $conf['pass_convert'] = create_function('$s', 'return md5($s);');
- }
-
- if ($row['password'] != $conf['pass_convert']($password))
+ if (!$conf['password_verify']($password, $row['password']))
{
array_push($page['errors'], l10n('Invalid password!'));
}
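Review bot: The added condition reads `$row['password']` without confirming that the query returned a row, so for an unknown username the callback receives a null hash and the outcome depends entirely on how `$conf['password_verify']` treats it. Failing closed explicitly would remove that dependency, e.g. `if (empty($row['password']) or !$conf['password_verify']($password, $row['password']))`. The removed lines also supplied a default when `$conf['pass_convert']` was unset, whereas the new call has no fallback if `$conf['password_verify']` is missing or not callable in the upgrade context. Because this path authenticates against a pre-upgrade database, the callback presumably has to accept the legacy MD5 hashes stored there, which is worth confirming and documenting in a comment above the check. The enclosing function starts and ends outside the hunk, so whether `$username` is escaped before the concatenated query shown in the hunk header cannot be checked from here.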