$dbtype='sqlite3';
}
+ //generate a random salt that is used to salt the local user passwords
+ $salt=mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000);
+ OC_Config::setValue('passwordsalt', $salt);
+
//write the config file
OC_Config::setValue('datadirectory', $datadir);
OC_Config::setValue('dbtype', $dbtype);
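Review bot: The added `$salt=` line builds the secret from `mt_rand()`, which is not a cryptographic generator, so the value's unpredictability is bounded by the generator's seed rather than by the 32 digits it prints. Because this value is stored once at install time and mixed into every local password hash, it should come from the platform CSPRNG, for example `$salt=bin2hex(openssl_random_pseudo_bytes(32));` (or `random_bytes()` where the supported PHP version provides it). The comment above it could also state that this is one installation-wide value kept in the config file rather than a per-user salt, e.g. `//generate an installation-wide secret that is appended to local user passwords before hashing`. The enclosing install routine starts and ends outside the hunk.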
return false;
}else{
$hasher=$this->getHasher();
- $hash = $hasher->HashPassword($password);
+ $hash = $hasher->HashPassword($password.OC_Config::getValue('passwordsalt', ''));
$query = OC_DB::prepare( "INSERT INTO `*PREFIX*users` ( `uid`, `password` ) VALUES( ?, ? )" );
$result = $query->execute( array( $uid, $hash));
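Review bot: Appending the salt after the password on the `HashPassword` line means that, if `getHasher()` returns a bcrypt-backed phpass instance (its configuration is not visible here), only the first 72 bytes of the combined string are hashed, so passwords longer than about 40 bytes lose part or all of the 32-character salt. The same concatenation is repeated on the `HashPassword` line in `setPassword` and on the `CheckPassword` line in the verification hunk, and all three must stay identical for logins to keep working. A single private helper would keep them in step and give one place to change the construction, e.g. `return hash_hmac('sha256', $password, OC_Config::getValue('passwordsalt', ''));`, whose 64-character hex output stays under the limit. Hashes already stored without that construction would need a fallback check on the verification path. The enclosing function starts outside the hunk.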
public function setPassword( $uid, $password ){
if( $this->userExists($uid) ){
$hasher=$this->getHasher();
- $hash = $hasher->HashPassword($password);
+ $hash = $hasher->HashPassword($password.OC_Config::getValue('passwordsalt', ''));
$query = OC_DB::prepare( "UPDATE *PREFIX*users SET password = ? WHERE uid = ?" );
$result = $query->execute( array( $hash, $uid ));
$storedHash=$row['password'];
if (substr($storedHash,0,1)=='$'){//the new phpass based hashing
$hasher=$this->getHasher();
- if($hasher->CheckPassword($password, $storedHash)){
+ if($hasher->CheckPassword($password.OC_Config::getValue('passwordsalt', ''), $storedHash)){
return $row['uid'];
}else{
return false;
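Review bot: The `CheckPassword` line only tries the password with the currently configured `passwordsalt`, so a hash stored under a different value fails verification with no fallback; that includes hashes created before the key existed if an administrator later adds it, and every hash if the config entry is lost. Because the default is `''`, a missing key silently falls back to unsalted hashing instead of raising an error. A comment on this line stating the dependency would help operators, e.g. `//stored hashes are bound to the 'passwordsalt' config value; changing or losing it invalidates all local passwords`. The function body continues outside the hunk.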