diff options
author | plegall <plg@piwigo.org> | 2012-11-02 13:59:07 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2012-11-02 13:59:07 +0000 |
commit | a73846717f5c884e0eef0b5591ff7ad374375a0b (patch) | |
tree | a8e52d992545558cbacacf50e704a332a80c9810 /include/config_default.inc.php | |
parent | 805ce4bb02c9e3114c76841db75c23a59d17a3c4 (diff) |
feature 2727: improve password security with the use of PasswordHash class.
This class performs salt and multiple iterations. Already used in Wordpress,
Drupal, phpBB and many other web applications.
$conf['pass_convert'] is replaced by $conf['password_hash'] + $conf['password_verify']
git-svn-id: http://piwigo.org/svn/trunk@18889 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/config_default.inc.php')
-rw-r--r-- | include/config_default.inc.php | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/include/config_default.inc.php b/include/config_default.inc.php index b093e2bd1..d9b807f36 100644 --- a/include/config_default.inc.php +++ b/include/config_default.inc.php @@ -506,12 +506,20 @@ $conf['user_fields'] = array( 'email' => 'mail_address' ); -// pass_convert : function to crypt or hash the clear user password to store -// it in the database -$conf['pass_convert'] = create_function('$s', 'return md5($s);'); +// password_hash: function hash the clear user password to store it in the +// database. The function takes only one parameter: the clear password. +$conf['password_hash'] = 'pwg_password_hash'; + +// password_verify: function that checks the password against its hash. The +// function takes 2 mandatory parameter : clear password, hashed password + +// an optional parameter user_id. The user_id is used to update the password +// with the new hash introduced in Piwigo 2.5. See function +// pwg_password_verify in include/functions_user.inc.php +$conf['password_verify'] = 'pwg_password_verify'; // guest_id : id of the anonymous user $conf['guest_id'] = 2; + // default_user_id : id of user used for default value $conf['default_user_id'] = $conf['guest_id']; |