From c3a005adbc29424980c04080d8c66359341b6103 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Wed, 12 Sep 2007 04:58:05 +0100 Subject: [PATCH] use login as salt when generating passwords (2) --- modules/pref-users.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/pref-users.php b/modules/pref-users.php index e554da4c..fdc6d495 100644 --- a/modules/pref-users.php +++ b/modules/pref-users.php @@ -73,7 +73,7 @@ $password = db_escape_string(trim($_GET["password"])); if ($password) { - $pwd_hash = 'SHA1:' . sha1($password); + $pwd_hash = encrypt_password($password, $login); $pass_query_part = "pwd_hash = '$pwd_hash', "; print_notice(T_sprintf('Changed password of user %s.', $login)); } else { @@ -101,7 +101,7 @@ $login = db_escape_string(trim($_GET["login"])); $tmp_user_pwd = make_password(8); - $pwd_hash = 'SHA1:' . sha1($tmp_user_pwd); + $pwd_hash = encrypt_password($tmp_user_pwd, $login); $result = db_query($link, "SELECT id FROM ttrss_users WHERE login = '$login'"); @@ -146,7 +146,7 @@ $login = db_fetch_result($result, 0, "login"); $email = db_fetch_result($result, 0, "email"); $tmp_user_pwd = make_password(8); - $pwd_hash = 'SHA1:' . sha1($tmp_user_pwd); + $pwd_hash = encrypt_password($tmp_user_pwd, $login); db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash' WHERE id = '$uid'"); -- 2.39.5