Switch admin password hashing to secure algorithms when available

This commit is contained in:
Peter Linss 2019-11-19 16:24:21 -08:00
parent ba8bf15b4c
commit b77dcb5c12
No known key found for this signature in database
GPG key ID: 0ED32B6657FA9FE0


@ -99,6 +99,9 @@ class Application extends \RainLoop\Config\AbstractConfig
*/
public function SetPassword($sPassword)
{
if (function_exists('password_hash')) {
return $this->Set('security', 'admin_password', password_hash($sPassword, PASSWORD_DEFAULT));
}
return $this->Set('security', 'admin_password', \md5(APP_SALT.$sPassword.APP_SALT));
}
@ -112,8 +115,18 @@ class Application extends \RainLoop\Config\AbstractConfig
$sPassword = (string) $sPassword;
$sConfigPassword = (string) $this->Get('security', 'admin_password', '');
return 0 < \strlen($sPassword) &&
(($sPassword === $sConfigPassword && '12345' === $sConfigPassword) || \md5(APP_SALT.$sPassword.APP_SALT) === $sConfigPassword);
if (0 < strlen($sConfigPassword)) {
if (($sPassword === $sConfigPassword) && ('12345' === $sConfigPassword)) {
return true;
}
if (32 == strlen($sConfigPassword)) { // legacy md5 hash
return (\md5(APP_SALT.$sPassword.APP_SALT) === $sConfigPassword);
}
if (function_exists('password_verify')) {
return password_verify($sPassword, $sConfigPassword);
}
}
return false;
}
/**
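Review bot: A successful match in the legacy branch at `if (32 == strlen($sConfigPassword)) { // legacy md5 hash` leaves the salted-md5 value in the config, so any installation whose password was set before this commit keeps verifying against md5 indefinitely even though `password_verify` is now supported. Rehashing on a successful legacy verify, via the `SetPassword` this commit already changes, closes that gap — assuming the value written by `Set()` is persisted by the caller, which the hunk does not show. The `===` on the md5 digest is also not a constant-time comparison; where `hash_equals` exists (PHP 5.6+) it is the better choice, and `password_needs_rehash` on the `password_verify` path would cover future algorithm changes the same way. The enclosing function begins before the hunk.
```php
if (32 == strlen($sConfigPassword)) { // legacy md5 hash
    if (\md5(APP_SALT.$sPassword.APP_SALT) !== $sConfigPassword) {
        return false;
    }
    if (function_exists('password_hash')) {
        // Migrate the stored hash; NOTE(review): assumes Set() is persisted by the caller
        $this->SetPassword($sPassword);
    }
    return true;
}
// … unchanged: password_verify branch …
```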