Updated mysql auth to use PHPass

laf
2014-02-03 10:45:34 +00:00
parent e80f8f33a6
commit 04a9f4a2f3
4 changed files with 276 additions and 5 deletions


@ -9,14 +9,26 @@ function authenticate($username,$password)
// Migrate from old, unhashed password
if ($row['password'] == $encrypted_old)
{
$row = dbFetchRow("DESCRIBE users password");
if ($row['Type'] == 'varchar(34)')
$row_type = dbFetchRow("DESCRIBE users password");
if ($row_type['Type'] == 'varchar(34)')
{
changepassword($username,$password);
}
return 1;
}
if ($row['password'] == crypt($password,$row['password']))
elseif(substr($row['password'],0,3) == '$1$')
{
$row_type = dbFetchRow("DESCRIBE users password");
if ($row_type['Type'] == 'varchar(60)')
{
if ($row['password'] == crypt($password,$row['password']))
{
changepassword($username,$password);
}
}
}
$hasher = new PasswordHash(8, FALSE);
if($hasher->CheckPassword($password, $row['password']))
{
return 1;
}
@ -62,7 +74,9 @@ function generateSalt($max = 15)
function changepassword($username,$password)
{
$encrypted = crypt($password,'$1$' . generateSalt(8).'$');
//$encrypted = crypt($password,'$1$' . generateSalt(8).'$');
$hasher = new PasswordHash(8, FALSE);
$encrypted = $hasher->HashPassword($password);
return dbUpdate(array('password' => $encrypted), 'users', '`username` = ?', array($username));
}
@ -75,7 +89,9 @@ function adduser($username, $password, $level, $email = "", $realname = "", $can
{
if (!user_exists($username))
{
$encrypted = crypt($password,'$1$' . generateSalt(8).'$');
//$encrypted = crypt($password,'$1$' . generateSalt(8).'$');
$hasher = new PasswordHash(8, FALSE);
$encrypted = $hasher->HashPassword($password);
return dbInsert(array('username' => $username, 'password' => $encrypted, 'level' => $level, 'email' => $email, 'realname' => $realname, 'can_modify_passwd' => $can_modify_passwd), 'users');
} else {
return FALSE;
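Review bot: The legacy-password branch of authenticate() still gates its migration on `$row_type['Type'] == 'varchar(34)'`, but changepassword() now stores a PHPass hash, which the commit's own `varchar(60)` check in the `$1$` branch implies is longer than 34 characters. On an un-migrated schema that writes a hash the column cannot hold (truncated or rejected, depending on the MySQL mode), and on a migrated schema the branch never upgrades the old password at all; the check should probably read `if ($row_type['Type'] == 'varchar(60)')`. changepassword() and adduser() write the new hash with no column-width check, so the same risk applies there unless the schema change ships first. The added `$row['password'] == crypt($password,$row['password'])` comparison would also be safer as `===`, since loose comparison of hash strings is subject to PHP type juggling. authenticate() begins and ends outside the hunk, so `$encrypted_old` and the final return path are not visible here.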