author | Laria Carolin Chabowski <laria@laria.me> | 2020-09-25 23:09:31 +0200 |
---|---|---|
committer | Laria Carolin Chabowski <laria@laria.me> | 2020-09-25 23:09:31 +0200 |
commit | 5e347e4efaa81c2108256dc927208cd55dc10baa (patch) | |
tree | fccd9fea24e436ea2f3fa073475b2b665a4c31cf /ratatoeskr/sys/models.php | |
parent | 854fef47192b45517d112e630fe2afa830432253 (diff) | |
Use password_hash() and friends to hash and verify passwords
Previously I rolled my own password hashing function. While it at least
used some sort of salt, it's still a terrible idea.
The newly created class PasswordHash wraps the password_hash() family of
functions but can also check the old password hash format (to distinguish
them, the new password hashes are prefixed with a '!'). In
PasswordHash::needsRehash we then always report a hash of the old format
as being in need of a rehash. That way, these old hashes will be replaced
the next time the user successfully logs in.
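The migrate-on-login scheme the commit message describes, as an added sketch that is not code from this commit or from Ratatöskr. Only the '!' prefix and the "old format always needs a rehash" rule come from the message; the class and function names and the legacy hash format are assumptions made for the example.

```php
<?php
// Added illustration, not Ratatöskr's code. Only the '!' prefix and the needsRehash
// rule come from the commit message; all names and the legacy format are assumed.
final class MigratingHash
{
    public static function hash(string $password): string
    {
        return '!' . password_hash($password, PASSWORD_DEFAULT);
    }

    public static function verify(string $password, string $stored): bool
    {
        return self::isNew($stored)
            ? password_verify($password, substr($stored, 1))
            : self::verifyLegacy($password, $stored);
    }

    public static function needsRehash(string $stored): bool
    {
        // Old-format hashes always need a rehash; new ones only if algorithm or cost changed.
        return !self::isNew($stored)
            || password_needs_rehash(substr($stored, 1), PASSWORD_DEFAULT);
    }

    private static function isNew(string $stored): bool
    {
        return strncmp($stored, '!', 1) === 0;
    }

    // Constructed stand-in for an old format: "<salt>:<sha1(salt . password)>".
    private static function verifyLegacy(string $password, string $stored): bool
    {
        $parts = explode(':', $stored, 2);
        return count($parts) === 2 && hash_equals($parts[1], sha1($parts[0] . $password));
    }
}
// Login path: verify first, then replace the stored value while the plaintext is available.
function login(string $password, string &$stored): bool
{
    if (!MigratingHash::verify($password, $stored)) {
        return false;
    }
    if (MigratingHash::needsRehash($stored)) {
        $stored = MigratingHash::hash($password); // a real application persists this
    }
    return true;
}
$stored = 'ab12:' . sha1('ab12' . 'hunter2'); // constructed legacy record
var_dump(login('wrong', $stored), login('hunter2', $stored), $stored[0] === '!');
```

A failed login leaves the legacy record untouched; the upgrade happens only after a successful verification, which is the one moment the plaintext is available.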
Diffstat (limited to 'ratatoeskr/sys/models.php')
-rw-r--r-- | ratatoeskr/sys/models.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ratatoeskr/sys/models.php b/ratatoeskr/sys/models.php index b820e6f..1b196d6 100644 --- a/ratatoeskr/sys/models.php +++ b/ratatoeskr/sys/models.php @@ -253,7 +253,7 @@ class User extends BySQLRowEnabled * Variables: Public class properties * * $username - The username. - * $pwhash - <PasswordHash> of the password. + * $pwhash - Hash of the password. * $mail - E-Mail-address. * $fullname - The full name of the user. * $language - Users language @@ -270,7 +270,7 @@ class User extends BySQLRowEnabled * * Parameters: * $username - The username - * $pwhash - <PasswordHash> of the password + * $pwhash - Hash of the password * * Returns: * An User object |
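Review bot: In the class property list of the first hunk, `$pwhash - Hash of the password.` drops the `<PasswordHash>` reference and leaves the stored format unspecified. Going by the commit message, the field can hold either a '!'-prefixed password_hash() value or an old-format hash, so the comment should say so and point to the PasswordHash class, for example `$pwhash - Password hash in the format handled by PasswordHash ('!'-prefixed or legacy).`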
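Review bot: In the `Parameters:` block of the second hunk, `$pwhash - Hash of the password` does not say who is expected to do the hashing. State that the caller must pass an already hashed value produced through the PasswordHash class, never the plaintext and not a bare password_hash() result without the '!' marker, since per the commit message that prefix is what separates new hashes from old ones.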