diff options
| author | Frank Karlitschek <frank@owncloud.org> | 2012-06-08 12:42:35 +0200 |
|---|---|---|
| committer | Frank Karlitschek <frank@owncloud.org> | 2012-06-08 12:42:35 +0200 |
| commit | a7a861b2c6fc855abc0741691bebf975e255767c (patch) | |
| tree | 2f3275187d5c123a8ddf045c734bcda4d7a3c791 /lib/user | |
| parent | 8c7fa15aaf98e31646e4306e7819d1d2b725a7e1 (diff) | |
| download | nextcloud-server-a7a861b2c6fc855abc0741691bebf975e255767c.tar.gz nextcloud-server-a7a861b2c6fc855abc0741691bebf975e255767c.zip | |
backport the password salting fix.
a salt is generated during setup and used to salt the user password hases in the database backend
Diffstat (limited to 'lib/user')
| -rw-r--r-- | lib/user/database.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/user/database.php b/lib/user/database.php index 894ccffb791..a9b01957d42 100644 --- a/lib/user/database.php +++ b/lib/user/database.php @@ -69,7 +69,7 @@ class OC_User_Database extends OC_User_Backend { return false; }else{ $hasher=$this->getHasher(); - $hash = $hasher->HashPassword($password); + $hash = $hasher->HashPassword($password.OC_Config::getValue('passwordsalt', '')); $query = OC_DB::prepare( "INSERT INTO `*PREFIX*users` ( `uid`, `password` ) VALUES( ?, ? )" ); $result = $query->execute( array( $uid, $hash)); @@ -102,7 +102,7 @@ class OC_User_Database extends OC_User_Backend { public function setPassword( $uid, $password ){ if( $this->userExists($uid) ){ $hasher=$this->getHasher(); - $hash = $hasher->HashPassword($password); + $hash = $hasher->HashPassword($password.OC_Config::getValue('passwordsalt', '')); $query = OC_DB::prepare( "UPDATE *PREFIX*users SET password = ? WHERE uid = ?" ); $result = $query->execute( array( $hash, $uid )); @@ -131,7 +131,7 @@ class OC_User_Database extends OC_User_Backend { $storedHash=$row['password']; if (substr($storedHash,0,1)=='$'){//the new phpass based hashing $hasher=$this->getHasher(); - if($hasher->CheckPassword($password, $storedHash)){ + if($hasher->CheckPassword($password.OC_Config::getValue('passwordsalt', ''), $storedHash)){ return $row['uid']; }else{ return false; |