summaryrefslogtreecommitdiffstats
path: root/lib/user/database.php
diff options
context:
space:
mode:
authorFrank Karlitschek <frank@owncloud.org>2012-06-08 12:42:35 +0200
committerFrank Karlitschek <frank@owncloud.org>2012-06-08 12:42:35 +0200
commita7a861b2c6fc855abc0741691bebf975e255767c (patch)
tree2f3275187d5c123a8ddf045c734bcda4d7a3c791 /lib/user/database.php
parent8c7fa15aaf98e31646e4306e7819d1d2b725a7e1 (diff)
downloadnextcloud-server-a7a861b2c6fc855abc0741691bebf975e255767c.tar.gz
nextcloud-server-a7a861b2c6fc855abc0741691bebf975e255767c.zip
backport the password salting fix.
a salt is generated during setup and used to salt the user password hases in the database backend
Diffstat (limited to 'lib/user/database.php')
-rw-r--r--lib/user/database.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/user/database.php b/lib/user/database.php
index 894ccffb791..a9b01957d42 100644
--- a/lib/user/database.php
+++ b/lib/user/database.php
@@ -69,7 +69,7 @@ class OC_User_Database extends OC_User_Backend {
return false;
}else{
$hasher=$this->getHasher();
- $hash = $hasher->HashPassword($password);
+ $hash = $hasher->HashPassword($password.OC_Config::getValue('passwordsalt', ''));
$query = OC_DB::prepare( "INSERT INTO `*PREFIX*users` ( `uid`, `password` ) VALUES( ?, ? )" );
$result = $query->execute( array( $uid, $hash));
@@ -102,7 +102,7 @@ class OC_User_Database extends OC_User_Backend {
public function setPassword( $uid, $password ){
if( $this->userExists($uid) ){
$hasher=$this->getHasher();
- $hash = $hasher->HashPassword($password);
+ $hash = $hasher->HashPassword($password.OC_Config::getValue('passwordsalt', ''));
$query = OC_DB::prepare( "UPDATE *PREFIX*users SET password = ? WHERE uid = ?" );
$result = $query->execute( array( $hash, $uid ));
@@ -131,7 +131,7 @@ class OC_User_Database extends OC_User_Backend {
$storedHash=$row['password'];
if (substr($storedHash,0,1)=='$'){//the new phpass based hashing
$hasher=$this->getHasher();
- if($hasher->CheckPassword($password, $storedHash)){
+ if($hasher->CheckPassword($password.OC_Config::getValue('passwordsalt', ''), $storedHash)){
return $row['uid'];
}else{
return false;