external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 09:43:03 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Support for storing salted passwords

Browse source 
To upgrade existing databases:

ALTER TABLE Users ADD Salt CHAR(32) NOT NULL DEFAULT '';

Signed-off-by: Loui Chang <louipc.ist@gmail.com>
This commit is contained in:
Denis 2010-04-05 09:41:30 -04:00 committed by Loui Chang
parent 5b8b0757f4
commit 290c436046
4 changed files with 74 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

5
web/html/passreset.php
View file

@ -31,10 +31,13 @@ if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confir
if (empty($error)) {
$dbh = db_connect();
$salt = generate_salt();
$hash = salted_hash($password, $salt);
# The query below won't affect any records unless the ResetKey
# and Email combination is correct and ResetKey is nonempty
$q = "UPDATE Users
SET Passwd = '".md5($password)."',
SET Passwd = '$hash',
Salt = '$salt',
ResetKey = ''
WHERE ResetKey != ''
AND ResetKey = '".mysql_real_escape_string($resetkey)."'