bcrypt implementation

alejandro.campos@artica.es 2022-12-20 12:22:43 +01:00
parent 7e507d454b
commit bd7480a1e1
1 changed files with 9 additions and 4 deletions


@ -237,6 +237,11 @@ function process_user_login_local($login, $pass, $api=false)
return false;
}
// Override password to use Bcrypt encryption.
if (strlen($row['password']) === 32) {
update_user_password($login, $pass);
}
return $row['id_user'];
} else {
if (!user_can_login($login)) {
@ -753,7 +758,7 @@ function delete_user(string $id_user)
/**
* Update the password in MD5 for user pass as id_user with
* Update the password using BCRYPT algorithm for specific id_user passing
* password in plain text.
*
* @param string $user User ID.
@ -1056,7 +1061,7 @@ function create_user_and_permisions_ldap(
$values['id_user'] = $id_user;
if ($config['ldap_save_password'] || $config['ad_save_password']) {
$values['password'] = md5($password);
$values['password'] = password_hash($password, PASSWORD_BCRYPT);
}
$values['last_connect'] = 0;
@ -1488,9 +1493,9 @@ function change_local_user_pass_ldap($id_user, $password)
$local_user_pass = db_get_value_filter('password', 'tusuario', ['id_user' => $id_user]);
$return = false;
if (md5($password) !== $local_user_pass) {
if (password_hash($password, PASSWORD_BCRYPT) !== $local_user_pass) {
$values_update = [];
$values_update['password'] = md5($password);
$values_update['password'] = password_hash($password, PASSWORD_BCRYPT);
$return = db_process_sql_update('tusuario', $values_update, ['id_user' => $id_user]);
}
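Review bot: In change_local_user_pass_ldap the new condition `password_hash($password, PASSWORD_BCRYPT) !== $local_user_pass` is always true, because password_hash() generates a fresh random salt on every call and so never reproduces the stored hash. As written, the row is rewritten on every call and the check no longer tells whether the LDAP password differs from the local one. Use `if (!password_verify($password, $local_user_pass)) {` instead; it also returns false for a legacy 32-character MD5 value, so those rows would still be upgraded to bcrypt. The function body continues outside the hunk, and the `tusuario` schema is not visible here, so it is worth confirming that the `password` column can hold a 60-character bcrypt string.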