From a73846717f5c884e0eef0b5591ff7ad374375a0b Mon Sep 17 00:00:00 2001 From: plegall Date: Fri, 2 Nov 2012 13:59:07 +0000 Subject: feature 2727: improve password security with the use of PasswordHash class. This class performs salt and multiple iterations. Already used in Wordpress, Drupal, phpBB and many other web applications. $conf['pass_convert'] is replaced by $conf['password_hash'] + $conf['password_verify'] git-svn-id: http://piwigo.org/svn/trunk@18889 68402e56-0260-453c-a942-63ccdbb3a9ee --- admin/include/functions_upgrade.php | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'admin/include/functions_upgrade.php') diff --git a/admin/include/functions_upgrade.php b/admin/include/functions_upgrade.php index a5b3f7e5a..35e45b032 100644 --- a/admin/include/functions_upgrade.php +++ b/admin/include/functions_upgrade.php @@ -247,12 +247,7 @@ WHERE '.$conf['user_fields']['username'].'=\''.$username.'\' } $row = pwg_db_fetch_assoc(pwg_query($query)); - if (!isset($conf['pass_convert'])) - { - $conf['pass_convert'] = create_function('$s', 'return md5($s);'); - } - - if ($row['password'] != $conf['pass_convert']($password)) + if (!$conf['password_verify']($password, $row['password'])) { array_push($page['errors'], l10n('Invalid password!')); } -- cgit v1.2.3