Use a better algorithm to hash new passwords

SVN:trunk[5997]
Stephen Abello
2018-08-03 12:49:20 +00:00
parent 8fe38b03f6
commit dd46048ea6


@@ -42,6 +42,7 @@ class ormPassword
public function __construct($sHash = '', $sSalt = '')
{
$this->m_sHashed = $sHash;
//only used for <= 2.5 hashed password
$this->m_sSalt = $sSalt;
}
@@ -50,8 +51,7 @@ class ormPassword
*/
public function SetPassword($sClearTextPassword)
{
$this->m_sSalt = SimpleCrypt::GetNewSalt();
$this->m_sHashed = $this->ComputeHash($sClearTextPassword);
$this->m_sHashed = password_hash($sClearTextPassword, PASSWORD_DEFAULT);
}
/**
@@ -95,10 +95,21 @@ class ormPassword
public function CheckPassword($sClearTextPassword)
{
$bResult = false;
$sHashedPwd = $this->ComputeHash($sClearTextPassword);
if ($this->m_sHashed == $sHashedPwd)
$aInfo = password_get_info($this->m_sHashed);
switch ($aInfo["algoName"])
{
$bResult = true;
case 'bcrypt':
$bResult = password_verify($sClearTextPassword, $this->m_sHashed);
break;
case 'unknown':
$sHashedPwd = $this->ComputeHash($sClearTextPassword);
if ($this->m_sHashed == $sHashedPwd)
{
$bResult = true;
}
break;
default:
//shouldn't happen until php modify PASSWORD_DEFAULT
}
return $bResult;
}
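Review bot: In the `'unknown'` (legacy) branch of CheckPassword the stored hash is still compared with `==`, which is neither constant-time nor type-strict in PHP; `$bResult = hash_equals((string) $this->m_sHashed, $sHashedPwd);` would close both gaps, assuming ComputeHash (not visible here) returns a string and the minimum supported PHP version provides hash_equals. The `default:` branch leaves `$bResult` false, so once PASSWORD_DEFAULT moves off bcrypt the hashes written by the new SetPassword would stop verifying; calling `password_verify($sClearTextPassword, $this->m_sHashed)` for every algoName other than `'unknown'` avoids that lockout. A successful legacy match also leaves the old salted hash in place, so a comment noting that accounts only migrate when SetPassword is called again (or a `password_needs_rehash` step where the caller can persist the result) would make the migration path explicit.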