Convert password during login to new secure hash
parent
81edc432b4
commit
bd05d77afe
@ -96,12 +96,29 @@ abstract class lnAuth_Auth_ORM extends lnApp_Auth_ORM {
|
|||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Create a hashed password
|
// Convert user password to new hash method
|
||||||
if (is_string($password))
|
if (is_string($password) AND ! password_verify($password,$user->password) AND ! in_array($this->_config['hash_method'],['md5','sha1'])) {
|
||||||
$password = $this->hash($password);
|
// Was MD5
|
||||||
|
if (
|
||||||
|
(md5($password) == $user->password) OR
|
||||||
|
(sha1($password) == $user->password)
|
||||||
|
) {
|
||||||
|
// It will be re-hased by ORM
|
||||||
|
$user->password = $password;
|
||||||
|
|
||||||
|
if (! $user->save())
|
||||||
|
throw HTTP_Exception::factory(501,'Error converting password for :user',array(':user'=>$user->name()));
|
||||||
|
else {
|
||||||
|
SystemMessage::factory()
|
||||||
|
->title('Password Update')
|
||||||
|
->type('info')
|
||||||
|
->body('Your password was updated to a more secure algorithm');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// If the passwords match, perform a login
|
// If the passwords match, perform a login
|
||||||
if ($user->active AND $user->has_any('group',ORM::factory('Group',array('name'=>'Registered Users'))->list_childgrps(TRUE)) AND $user->password === $password) {
|
if ($user->active AND $user->has_any('group',ORM::factory('Group',array('name'=>'Registered Users'))->list_childgrps(TRUE)) AND password_verify($password,$user->password)) {
|
||||||
|
|
||||||
// @todo This is not currently used.
|
// @todo This is not currently used.
|
||||||
if ($remember === TRUE) {
|
if ($remember === TRUE) {
|
||||||
|
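Review bot: The legacy check `(md5($password) == $user->password) OR (sha1($password) == $user->password)` compares hex digests with loose `==`, so PHP's type juggling can treat two different digests that both look like numeric strings as equal, and the comparison is not constant-time. Compare with `hash_equals($user->password, md5($password)) OR hash_equals($user->password, sha1($password))` instead, after confirming that `$user->password` is always a string at this point. The conversion and `$user->save()` also run before the `$user->active` and group checks in the login condition, so an account that would be refused login still has its stored hash rewritten; consider testing those conditions before upgrading. The later `password_verify($password,$user->password)` presumably relies on the ORM having re-hashed the in-memory value during save, as the comment `// It will be re-hased by ORM` suggests, which is worth verifying. The enclosing method starts and ends outside the hunk.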