actually use the on-disk site-specific nonce to 'pepper' passwords before hashing...
diff --git
a/authutils.php-class
b/authutils.php-class
index 2d4573f5c76a9cc6dd21ac63c98fc3c90b741011..0b7d4b1e2acd4328e7ec0b25cc8160d119dae91e 100755
(executable)
--- a/
authutils.php-class
+++ b/
authutils.php-class
@@
-15,6
+15,7
@@
class AuthUtils {
//
// private $pwd_nonces
// The array of nonces to use for "peppering" passwords. For new hashes, the last one of those will be used.
//
// private $pwd_nonces
// The array of nonces to use for "peppering" passwords. For new hashes, the last one of those will be used.
+ // Generate a nonce with this command: |openssl rand -base64 48|
//
// function checkPasswordConstraints($new_password, $user_email)
// Check password constraints and return an array of error messages (empty if all constraints are met).
//
// function checkPasswordConstraints($new_password, $user_email)
// Check password constraints and return an array of error messages (empty if all constraints are met).
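Review bot: The added comment explains how to generate a nonce but not that the array's indexes are part of the stored hash format: pwdVerify looks the pepper up as `$this->pwd_nonces[$regs[1]]` using the index recorded in the `N|` prefix of the stored hash, so an existing entry must never be removed or reordered, only appended. Suggest a second line next to the new one: `// Never remove or reorder existing entries: stored hashes reference a nonce by its array index; only append new ones.`. The comment block belongs to the class header, whose remainder is outside the hunk.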
@@
-119,10
+120,12
@@
class AuthUtils {
}
function pwdVerify($password_to_verify, $userdata) {
}
function pwdVerify($password_to_verify, $userdata) {
- if (preg_match('/^(\d+)\|/', $userdata['pwdhash'], $regs)) {
+ $pwdhash = $userdata['pwdhash'];
+ if (preg_match('/^(\d+)\|(.+)$/', $userdata['pwdhash'], $regs)) {
$password_to_verify .= $this->pwd_nonces[$regs[1]];
$password_to_verify .= $this->pwd_nonces[$regs[1]];
+ $pwdhash = $regs[2];
}
}
- return password_verify($password_to_verify, $
userdata['pwdhash']
);
+ return password_verify($password_to_verify, $
pwdhash
);
}
function pwdNeedsRehash($userdata) {
}
function pwdNeedsRehash($userdata) {
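Review bot: When the stored hash carries an `N|` prefix whose index is not present in `$this->pwd_nonces` (an entry dropped from the on-disk configuration, or a malformed hash), the lookup `$this->pwd_nonces[$regs[1]]` raises an undefined-index notice, appends nothing, and verification then runs against `$regs[2]` without the pepper it was created with. That case should fail explicitly rather than via a notice and an incidental false: add `if (!isset($this->pwd_nonces[$regs[1]])) { return false; }` as the first statement inside the `if` block, before the concatenation, so password_verify is never handed a hash whose pepper is unknown. pwdNeedsRehash begins at the end of the hunk and its body lies outside it, so whether it compares the recorded index against the latest nonce cannot be judged here.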