mirror of
https://gitlab.archlinux.org/archlinux/aurweb.git
synced 2025-02-03 10:43:03 +01:00
29a48708bb
Replace the default hash function used for storing passwords by password_hash() which internally uses bcrypt. Legacy MD5 hashes are still supported and are immediately converted to the new format when a user logs in. Since big parts of the authentication system needed to be rewritten in this context, this patch also includes some simplification and refactoring of all code related to password checking and resetting. Fixes FS#52297. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
26 lines
668 B
Text
26 lines
668 B
Text
1. Add Timezone column to Users:
|
|
|
|
---
|
|
ALTER TABLE Users ADD COLUMN Timezone VARCHAR(32) NOT NULL DEFAULT 'UTC';
|
|
---
|
|
|
|
2. Add LastSSHLogin and LastSSHLoginIPAddress columns to the Users table:
|
|
|
|
---
|
|
ALTER TABLE Users
|
|
ADD COLUMN LastSSHLogin BIGINT UNSIGNED NOT NULL DEFAULT 0,
|
|
ADD COLUMN LastSSHLoginIPAddress VARCHAR(45) NULL DEFAULT NULL;
|
|
---
|
|
|
|
3. Convert the IPAddress column of the Bans table to VARCHAR(45). If the table
|
|
contains any active bans, convert them accordingly:
|
|
|
|
----
|
|
ALTER TABLE Bans MODIFY IPAddress VARCHAR(45) NULL DEFAULT NULL;
|
|
----
|
|
|
|
4. Resize the Passwd column of the Users table:
|
|
|
|
---
|
|
ALTER TABLE Users MODIFY Passwd VARCHAR(255) NOT NULL;
|
|
---
|