diff options
author | Mario <mario@mariovavti.com> | 2021-03-22 09:50:12 +0100 |
---|---|---|
committer | Mario <mario@mariovavti.com> | 2021-03-22 09:50:12 +0100 |
commit | 13355d42f71e72c67e6cd993ee13f427a69c0eee (patch) | |
tree | 016a13c631b752023474bc7a4038efc0f62eeb59 /include | |
parent | 62fbdf3f63c4a32191af03c3d972c293541c0469 (diff) | |
download | volse-hubzilla-13355d42f71e72c67e6cd993ee13f427a69c0eee.tar.gz volse-hubzilla-13355d42f71e72c67e6cd993ee13f427a69c0eee.tar.bz2 volse-hubzilla-13355d42f71e72c67e6cd993ee13f427a69c0eee.zip |
air security: saving the password as hex string is not acceptable
Diffstat (limited to 'include')
-rw-r--r-- | include/account.php | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/include/account.php b/include/account.php index c3c7d26b7..858c915e0 100644 --- a/include/account.php +++ b/include/account.php @@ -327,8 +327,9 @@ function create_account_from_register($arr) { $roles = ACCOUNT_ROLE_ADMIN; } - $salt = random_string(32); - $password_encoded = hash('whirlpool', $salt . (hex2bin($register[0]['reg_pass']))); + $password_parts = explode(',', $register[0]['reg_pass']); + $salt = $password_parts[0]; + $password_encoded = $password_parts[1]; $ri = q( "INSERT INTO account (" |