diff options
author | Wojciech Polak <polak@gnu.org> | 2014-04-23 00:14:58 +0200 |
---|---|---|
committer | Wojciech Polak <polak@gnu.org> | 2014-04-24 00:15:50 +0200 |
commit | a6d9d0ac8558575f3dae6500a939302ec9419be8 (patch) | |
tree | e41d26dd72af60d2806d355c00ae1767bd272392 /frontend/changepassword.php | |
parent | 4bfca38dd3eaf92a868390ac51ff85b54a6c2c90 (diff) | |
download | cheetah-a6d9d0ac8558575f3dae6500a939302ec9419be8.tar.gz cheetah-a6d9d0ac8558575f3dae6500a939302ec9419be8.tar.bz2 |
Rewrite ancient password handling. Move to PBKDF2.
Diffstat (limited to 'frontend/changepassword.php')
-rw-r--r-- | frontend/changepassword.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/frontend/changepassword.php b/frontend/changepassword.php index 69ebfb2..bb726ce 100644 --- a/frontend/changepassword.php +++ b/frontend/changepassword.php @@ -4,7 +4,7 @@ /* Cheetah News changepassword.php - Copyright (C) 2005, 2006, 2010 Wojciech Polak. + Copyright (C) 2005, 2006, 2010, 2014 Wojciech Polak. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the @@ -105,7 +105,7 @@ else if (!empty ($hash)) $validPass = false; if ($validPassLen && $validPass) { - $db->query ("UPDATE user SET pass='".md5 ($pass). + $db->query ("UPDATE user SET pass='".make_password ($pass). "', failogCount=0 WHERE email='".$email."'"); $db->query ("DELETE FROM forgotpassword WHERE email='".$email."'"); $message = _('Your password has been successfully changed.'); |