Generate better salt for crypt()
This commit is contained in:
parent
db5df642ba
commit
7233869298
|
@ -49,7 +49,7 @@ class AuthCryptPlugin extends AuthenticationPlugin
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// crypt cuts the second parameter to its appropriate length based on hash scheme
|
// crypt understands what the salt part of $user->password is
|
||||||
if ($user->password === crypt($password, $user->password)) {
|
if ($user->password === crypt($password, $user->password)) {
|
||||||
return $user;
|
return $user;
|
||||||
}
|
}
|
||||||
|
@ -66,6 +66,18 @@ class AuthCryptPlugin extends AuthenticationPlugin
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected function cryptSalt($len=CRYPT_SALT_LENGTH)
|
||||||
|
{
|
||||||
|
$chars = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
|
||||||
|
$salt = '';
|
||||||
|
|
||||||
|
for ($i=0; $i<$len; $i++) {
|
||||||
|
$salt .= $chars{mt_rand(0, strlen($chars)-1)};
|
||||||
|
}
|
||||||
|
|
||||||
|
return $salt;
|
||||||
|
}
|
||||||
|
|
||||||
// $oldpassword is already verified when calling this function... shouldn't this be private?!
|
// $oldpassword is already verified when calling this function... shouldn't this be private?!
|
||||||
function changePassword($username, $oldpassword, $newpassword)
|
function changePassword($username, $oldpassword, $newpassword)
|
||||||
{
|
{
|
||||||
|
@ -87,8 +99,7 @@ class AuthCryptPlugin extends AuthenticationPlugin
|
||||||
public function hashPassword($password, Profile $profile=null)
|
public function hashPassword($password, Profile $profile=null)
|
||||||
{
|
{
|
||||||
// A new, unique salt per new record stored...
|
// A new, unique salt per new record stored...
|
||||||
// TODO: common_good_rand should be more diverse than hexdec
|
return crypt($password, $this->hash . self::cryptSalt());
|
||||||
return crypt($password, $this->hash . common_good_rand(CRYPT_SALT_LENGTH));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
Loading…
Reference in New Issue
Block a user