]> git.wh0rd.org - tt-rss.git/blobdiff - modules/pref-prefs.php
git.wh0rd.org / tt-rss.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
use login as salt when generating passwords
[tt-rss.git] / modules / pref-prefs.php
diff --git a/modules/pref-prefs.php b/modules/pref-prefs.php
index a3132ce4caa552bb71655fa078270e70df349bf2..6c19343090a175b74215b01c1acadbfbd0ced742 100644 (file)
--- a/modules/pref-prefs.php
+++ b/modules/pref-prefs.php
@@ -31,8 +31,12 @@
                                return;
                        }
 
-                       $old_pw_hash = 'SHA1:' . sha1($_POST["OLD_PASSWORD"]);
-                       $new_pw_hash = 'SHA1:' . sha1($_POST["NEW_PASSWORD"]);
+                       $old_pw_hash1 = encrypt_password($_POST["OLD_PASSWORD"]);
+                       $old_pw_hash2 = encrypt_password($_POST["OLD_PASSWORD"],
+                               $_SESSION["name"]);
+
+                       $new_pw_hash = encrypt_password($_POST["NEW_PASSWORD"],
+                               $_SESSION["name"]);
 
                        $active_uid = $_SESSION["uid"];
                        
@@ -41,8 +45,8 @@
                                $login = db_escape_string($_SERVER['PHP_AUTH_USER']);
 
                                $result = db_query($link, "SELECT id FROM ttrss_users WHERE 
-                                       id = '$active_uid' AND (pwd_hash = '$old_pw' OR 
-                                               pwd_hash = '$old_pw_hash')");
+                                       id = '$active_uid' AND (pwd_hash = '$old_pw_hash1' OR 
+                                               pwd_hash = '$old_pw_hash2')");
 
                                if (db_num_rows($result) == 1) {
                                        db_query($link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash' 
web-based news feed (RSS/Atom) reader and aggregator; see https://tt-rss.org/