Commit bd2d28c6 authored by Franco Fichtner's avatar Franco Fichtner

auth: tweak previous, hide implementation details; closes #1282

parent 2a025de4
...@@ -488,14 +488,16 @@ function local_user_del($user) ...@@ -488,14 +488,16 @@ function local_user_del($user)
function local_user_set_password(&$user, $password) function local_user_set_password(&$user, $password)
{ {
$user['password'] = generate_password_hash($password, 10); $cost = 10;
// Converts ascii to unicode. $hash = password_hash($password, PASSWORD_BCRYPT, [ 'cost' => $cost ]);
$astr = (string) $password; if ($hash !== false) {
$ustr = ''; /*
for ($i = 0; $i < strlen($astr); $i++) { * $2y$ returned is supported in FreeBSD 11.0 and up,
$a = ord($astr{$i}) << 8; * but we started with FreeBSD 10.3 so need to fix:
$ustr.= sprintf("%X", $a); */
$hash[2] = 'b';
$user['password'] = $hash;
} }
} }
......
...@@ -1575,11 +1575,3 @@ function is_install_media() ...@@ -1575,11 +1575,3 @@ function is_install_media()
return true; return true;
} }
function generate_password_hash($password, $cost = 10)
{
$hash = password_hash($password, PASSWORD_BCRYPT, ["cost" => $cost]);
// at the moment of writing FreeBSD can't recognise $2y$... as bcrypt, $2b$ is needed
$hash[2] = 'b';
return $hash;
}
...@@ -58,7 +58,7 @@ if (isset($_POST['save'])) { ...@@ -58,7 +58,7 @@ if (isset($_POST['save'])) {
if (count($input_errors) == 0) { if (count($input_errors) == 0) {
// all values are okay --> saving changes // all values are okay --> saving changes
$config['system']['user'][$userindex[$username]]['password'] = generate_password_hash($_POST['passwordfld1'], 10); local_user_set_password($config['system']['user'][$userindex[$username]], $_POST['passwordfld1']);
local_user_set($config['system']['user'][$userindex[$username]]); local_user_set($config['system']['user'][$userindex[$username]]);
write_config(); write_config();
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment