Re: Can't login to flyspray

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

Am 16.04.21 um 20:31 schrieb Justin Capella via arch-general:

> Can't help but think that if there is a length limit to a password it is
> plaintext in the database.

Good catch, but no:

https://github.com/Flyspray/flyspray/blob/master/scripts/authenticate.php
> Latest commit 1528f9d on 2 Sep 2019

> # upgrade from unsalted md5 or unsalted sha1 or unsalted sha512 to better
> if($conf['general']['passwdcrypt']=='argon2i'){
> 	$newhash=password_hash($password, PASSWORD_ARGON2I);
> }else{
> 	$cryptoptions=array('cost'=>12);
> 	$newhash=password_hash($password, PASSWORD_BCRYPT, $cryptoptions);
> }
> # save the new hash
> $db->query("UPDATE {users} SET user_pass=? WHERE user_id=?", array($newhash, $user_id));
[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux