author | plegall <plg@piwigo.org> | 2012-11-02 13:59:07 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2012-11-02 13:59:07 +0000 |
commit | a73846717f5c884e0eef0b5591ff7ad374375a0b (patch) | |
tree | a8e52d992545558cbacacf50e704a332a80c9810 /install | |
parent | 805ce4bb02c9e3114c76841db75c23a59d17a3c4 (diff) |
feature 2727: improve password security with the use of PasswordHash class.
This class performs salt and multiple iterations. Already used in Wordpress,
Drupal, phpBB and many other web applications.
$conf['pass_convert'] is replaced by $conf['password_hash'] + $conf['password_verify']
git-svn-id: http://piwigo.org/svn/trunk@18889 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'install')
-rw-r--r-- | install/db/132-database.php | 36 | ||||
-rw-r--r-- | install/piwigo_structure-mysql.sql | 2 |
2 files changed, 37 insertions, 1 deletions
diff --git a/install/db/132-database.php b/install/db/132-database.php
new file mode 100644
index 000000000..744e8e3ba
--- /dev/null
+++ b/install/db/132-database.php
@@ -0,0 +1,36 @@
+<?php
+// +-----------------------------------------------------------------------+
+// | Piwigo - a PHP based photo gallery |
+// +-----------------------------------------------------------------------+
+// | Copyright(C) 2008-2012 Piwigo Team http://piwigo.org |
+// | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net |
+// | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick |
+// +-----------------------------------------------------------------------+
+// | This program is free software; you can redistribute it and/or modify |
+// | it under the terms of the GNU General Public License as published by |
+// | the Free Software Foundation |
+// | |
+// | This program is distributed in the hope that it will be useful, but |
+// | WITHOUT ANY WARRANTY; without even the implied warranty of |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
+// | General Public License for more details. |
+// | |
+// | You should have received a copy of the GNU General Public License |
+// | along with this program; if not, write to the Free Software |
+// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
+// | USA. |
+// +-----------------------------------------------------------------------+
+
+defined('PHPWG_ROOT_PATH') or die('Hacking attempt!');
+
+$upgrade_description = 'Enlarge #users.password to increase security.';
+
+global $prefixeTable;
+
+// we don't use USERS_TABLE because it might be an external table, here we
+// want to change to users table specific to Piwigo
+$query = 'ALTER TABLE '.$prefixeTable.'users CHANGE password password varchar(255) default NULL';
+pwg_query($query);
+
+echo "\n".$upgrade_description."\n";
+?>
\ No newline at end of file
diff --git a/install/piwigo_structure-mysql.sql b/install/piwigo_structure-mysql.sql
index c75dbaae3..cde461bcd 100644
--- a/install/piwigo_structure-mysql.sql
+++ b/install/piwigo_structure-mysql.sql
@@ -441,7 +441,7 @@ DROP TABLE IF EXISTS `piwigo_users`;
 CREATE TABLE `piwigo_users` (
 `id` smallint(5) NOT NULL auto_increment,
 `username` varchar(100) binary NOT NULL default '',
- `password` varchar(32) default NULL,
+ `password` varchar(255) default NULL,
 `mail_address` varchar(255) default NULL,
 PRIMARY KEY (`id`),
 UNIQUE KEY `users_ui1` (`username`) |
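Review bot: The migration in install/db/132-database.php widens `password` to varchar(255) but leaves every existing row in its old 32-character format, and nothing in the script says so. Rows written before this upgrade keep the legacy hash until something re-hashes them; presumably `$conf['password_verify']` does that on the next successful login, but that code is outside this diff and should be confirmed. I would add a comment above the ALTER, e.g. `// widening only: existing 32-char hashes are kept as-is and must be upgraded by the login path`, and reword `$upgrade_description` so it does not suggest the column change alone improves security. The closing `?>` at the end of this PHP-only file can also be dropped.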