authorLaria Carolin Chabowski <laria@laria.me>2020-09-25 23:09:31 +0200
committerLaria Carolin Chabowski <laria@laria.me>2020-09-25 23:09:31 +0200
commit5e347e4efaa81c2108256dc927208cd55dc10baa (patch)
treefccd9fea24e436ea2f3fa073475b2b665a4c31cf /ratatoeskr/setup/setup.php
parent854fef47192b45517d112e630fe2afa830432253 (diff)
Use password_hash() and friends to hash and verify passwords
Previously I rolled my own password hashing function. While it at least used some sort of salt, it's still a terrible idea. The newly created class PasswordHash wraps the password_hash() family of functions but can also check the old password hash format (to distinguish them, the new password hashes are prefixed with a '!'). In PasswordHash::needsRehash we then always report a hash of the old format as being in need of a rehash. That way, these old hashes will be replaced the next time the user successfully logs in.
Diffstat (limited to 'ratatoeskr/setup/setup.php')
-rw-r--r--ratatoeskr/setup/setup.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/ratatoeskr/setup/setup.php b/ratatoeskr/setup/setup.php
index 23205b8..c18fff0 100644
--- a/ratatoeskr/setup/setup.php
+++ b/ratatoeskr/setup/setup.php
@@ -1,6 +1,7 @@
<?php
use r7r\ste;
+use r7r\cms\sys\PasswordHash;
define("SETUP", true);
@@ -8,7 +9,6 @@ require_once(dirname(__FILE__) . "/../vendor/autoload.php");
require_once(dirname(__FILE__) . "/../sys/init_ste.php");
require_once(dirname(__FILE__) . "/../sys/translation.php");
require_once(dirname(__FILE__) . "/../sys/db.php");
-require_once(dirname(__FILE__) . "/../sys/pwhash.php");
require_once(dirname(__FILE__) . "/../languages.php");
require_once(dirname(__FILE__) . "/create_tables.php");
@@ -221,7 +221,7 @@ STYLE;
$ratatoeskr_settings->save();
$admingrp = Group::create("admins");
- $admin = user::create($_POST["admin_username"], PasswordHash::create($_POST["admin_init_password"]));
+ $admin = User::create($_POST["admin_username"], PasswordHash::hash($_POST["admin_init_password"]));
$admin->save();
$admingrp->include_user($admin);
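Review bot: The new `User::create(...)` line passes `$_POST["admin_init_password"]` straight into `PasswordHash::hash()`, and nothing visible in this hunk checks that the value is a non-empty string. An empty password would hash without error and leave the first admin account with an empty credential, and an array-valued field would reach the hashing function as a non-string. The surrounding setup block starts and ends outside the hunk, so this may already be validated earlier. If it is not, add a guard before the account is created, such as `if (!is_string($_POST["admin_init_password"] ?? null) || $_POST["admin_init_password"] === "") { /* re-show the form with an error */ }`. Should `PasswordHash` use bcrypt underneath (not visible here), it is also worth documenting that input beyond 72 bytes is ignored.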