From 787d28e8d03c7c1a2ebe72c6101dd669aece3131 Mon Sep 17 00:00:00 2001
From: Ulrich Block
Date: Wed, 16 Oct 2013 22:15:37 +0200
Subject: [PATCH] MD5 PW Creation
---
 web/login.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/web/login.php b/web/login.php
index 9f27295a..0848b808 100644
--- a/web/login.php
+++ b/web/login.php
@@ -236,12 +236,13 @@ $userpassOld = passwordhash($username, $password);
 // some systems do not care about security at all.
- // In case we imported users from such insecure implementations
+ // In case we imported users from such insecure implementations we need to migrate to something safe
 $md5Import = md5($password);
- if ($userpassOld == $security) {
+ if ($userpassOld == $security or $md5Import == $security) {
+ $salt = md5(mt_rand() . date('Y-m-d H:i:s:u'));
- $userpass = $userpassOld;
+ $userpass = ($userpassOld == $security) ? $userpassOld : $security;
 $query = $sql->prepare("UPDATE `userdata` SET `security`=?,`salt`=? WHERE `id`=? LIMIT 1");
 $query->execute(array(createHash($username, $password, $salt, $aeskey), $salt, $id));
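Review bot: The widened condition `if ($userpassOld == $security or $md5Import == $security)` compares hex digests with loose `==`, so PHP can treat two different digests that both look like numeric strings (the `0e…` form, for example) as equal and accept a password whose hash does not actually match the stored value. Compare strictly on both sides, `if ($userpassOld === $security or $md5Import === $security) {`, or use `hash_equals()` where the runtime provides it, which also removes the timing difference between the two checks. The added `$userpass = ($userpassOld == $security) ? $userpassOld : $security;` needs the same `===`; with a strict comparison it always evaluates to `$security`, so `$userpass = $security;` states the intent more plainly. The body of the `if` continues past the end of the hunk, so what `$userpass` is used for afterwards is not visible here.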