security: Use more secure password hashes (#8213)

* More secure password hashes
Use PHP 5.5 password_hash(), currently uses bcrypt
increase password field length as per php documentation

* Use password_hash()/password_verify() for cookies too

* forgot to update db_schema.yaml
Tony Murray
2018-02-08 17:08:21 -06:00
committed by Neil Lathwood
parent 496575ea99
commit 1188b53192
5 changed files with 42 additions and 54 deletions


@@ -2,7 +2,6 @@
<?php
use LibreNMS\Authentication\Auth;
use Phpass\PasswordHash;
$options = getopt('u:rdvh');
if (isset($options['h']) || !isset($options['u'])) {
@@ -96,8 +95,7 @@ try {
exit;
}
$hasher = new PasswordHash(8, false);
$token = $session['session_username'] . '|' . $hasher->HashPassword($session['session_username'] . $session['session_token']);
$token = $session['session_username'] . '|' . password_hash($session['session_username'] . $session['session_token'], PASSWORD_DEFAULT);
$auth = $authorizer->reauthenticate($session['session_value'], $token);
if ($auth) {
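Review bot: The new `$token` line passes `$session['session_username'] . $session['session_token']` to `password_hash()`, and since `PASSWORD_DEFAULT` is bcrypt today (as the commit message notes), only the first 72 bytes of that string are hashed, so a long username leaves few or none of the token bytes covered by the hash. The concatenation also has no separator, so different username/token pairs can yield the same input string. Consider a fixed-length pre-hash with a delimiter, e.g. `password_hash(hash('sha256', $session['session_username'] . '|' . $session['session_token']), PASSWORD_DEFAULT)`, with the matching change wherever the cookie is checked with `password_verify()`; that verification code is not visible in this section. The enclosing `try` block starts and ends outside the hunk.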