public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-25 19:41:29 +00:00
Code Issues Releases Wiki Activity

use login as salt when generating passwords

Browse Source
This commit is contained in:
Andrew Dolgov
2007-09-12 04:56:22 +01:00
parent e668413073
commit 1a9f4d3c9d
2 changed files with 22 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
functions.php
View File

@@ -1423,16 +1423,18 @@
if (!SINGLE_USER_MODE) {
$pwd_hash = 'SHA1:' . sha1($password);
$pwd_hash1 = encrypt_password($password);
$pwd_hash2 = encrypt_password($password, $login);
if ($force_auth && defined('_DEBUG_USER_SWITCH')) {
$query = "SELECT id,login,access_level
FROM ttrss_users WHERE
login = '$login'";
} else {
$query = "SELECT id,login,access_level
$query = "SELECT id,login,access_level,pwd_hash
FROM ttrss_users WHERE
login = '$login' AND pwd_hash = '$pwd_hash'";
login = '$login' AND (pwd_hash = '$pwd_hash1' OR
pwd_hash = '$pwd_hash2')";
}
$result = db_query($link, $query);
@@ -1449,7 +1451,7 @@
$_SESSION["theme"] = $user_theme;
$_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
$_SESSION["pwd_hash"] = $pwd_hash;
$_SESSION["pwd_hash"] = db_fetch_result($result, 0, "pwd_hash");
initialize_user_prefs($link, $_SESSION["uid"]);
@@ -4766,4 +4768,12 @@
return $url_path;
}
function encrypt_password($pass, $login = '') {
if ($login) {
return "SHA1X:" . sha1("$login:$pass");
} else {
return "SHA1:" . sha1($pass);
}
}
?>