Support for storing salted passwords

To upgrade existing databases:

ALTER TABLE Users ADD Salt CHAR(32) NOT NULL DEFAULT '';

Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Denis 2010-04-05 09:41:30 -04:00 committed by Loui Chang
parent 5b8b0757f4
commit 290c436046
4 changed files with 74 additions and 21 deletions


@ -455,3 +455,34 @@ function mkurl($append) {
return substr($out, 5);
}
function get_salt($user_id)
{
$dbh = db_connect();
$salt_q = "SELECT Salt FROM Users WHERE ID = '$user_id'";
$salt_result = mysql_fetch_row(db_query($salt_q, $dbh));
return $salt_result[0];
}
function save_salt($user_id, $passwd)
{
$dbh = db_connect();
$salt = generate_salt();
$hash = salted_hash($passwd, $salt);
$salting_q = "UPDATE Users SET Salt = '$salt'" .
", Passwd = '$hash' WHERE ID = '$user_id'";
return db_query($salting_q, $dbh);
}
function generate_salt()
{
return md5(uniqid(rand(), true));
}
function salted_hash($passwd, $salt)
{
if (strlen($salt) != 32) {
trigger_error('Salt does not look like an md5 hash', E_USER_WARNING);
}
return md5($salt . $passwd);
}
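Review bot: salted_hash() stores `md5($salt . $passwd)`, a single fast MD5 round, so the per-user salt defeats precomputed tables but does little against offline guessing if the Users table is ever disclosed; an adaptive scheme such as `crypt()` with a bcrypt salt (or `password_hash()` where the PHP version provides it) would be a safer target for this migration. The length check in salted_hash() only raises E_USER_WARNING and still returns a hash, so if a caller passes the salt of a row left at the migration default `Salt = ''`, the password is hashed with no salt at all; adding `return false;` after the `trigger_error()` call would make that case fail closed, provided callers check the result. get_salt() and save_salt() also interpolate `$user_id` directly into the SQL string; the callers are outside this hunk, so whether the value is already validated cannot be seen here, but `$user_id = intval($user_id);` before building each query would remove that dependency. generate_salt() derives the salt from `rand()` and `uniqid()`, neither of which is a cryptographically strong source, which is worth a comment even if the hash function is not changed in this commit.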