From 13355d42f71e72c67e6cd993ee13f427a69c0eee Mon Sep 17 00:00:00 2001
From: Mario
Date: Mon, 22 Mar 2021 09:50:12 +0100
Subject: air security: saving the password as hex string is not acceptable
---
 include/account.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'include/account.php')
diff --git a/include/account.php b/include/account.php
index c3c7d26b7..858c915e0 100644
--- a/include/account.php
+++ b/include/account.php
@@ -327,8 +327,9 @@ function create_account_from_register($arr) {
 $roles = ACCOUNT_ROLE_ADMIN;
 }
- $salt = random_string(32);
- $password_encoded = hash('whirlpool', $salt . (hex2bin($register[0]['reg_pass'])));
+ $password_parts = explode(',', $register[0]['reg_pass']);
+ $salt = $password_parts[0];
+ $password_encoded = $password_parts[1];
 $ri = q(
 "INSERT INTO account ("
-- 
cgit v1.2.3
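Review bot: `$password_parts[1]` is read without checking that `reg_pass` really has the `salt,hash` shape the three added lines assume. A register row written before this commit (the removed line shows the old value was a hex-encoded password) or any value without a comma leaves index 1 undefined, so the INSERT that follows would presumably store an empty password hash with the old hex string as the salt. Bound the split and refuse anything else: `$password_parts = explode(',', $register[0]['reg_pass'], 2);` followed by `if (count($password_parts) !== 2 || $password_parts[0] === '' || $password_parts[1] === '')`, failing the way the function's other error paths do, which are outside this hunk. Rows still in the old hex format hold a recoverable password, so they should probably be expired or purged as part of the upgrade rather than converted here. The body of create_account_from_register starts and ends outside the hunk.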