properly tie auth cookies to private salt
This commit is contained in:
parent
28392a12d3
commit
eb146d9201
@ -21,7 +21,7 @@ function mkhash($username, $password, $salt = false) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// generate hash (method is not important as long as it's strong)
|
// generate hash (method is not important as long as it's strong)
|
||||||
$hash = substr(base64_encode(md5($username . sha1($username . $password . $salt . ($config['mod']['lock_ip'] ? $_SERVER['REMOTE_ADDR'] : ''), true), true)), 0, 20);
|
$hash = substr(base64_encode(md5($username . $config['cookies']['salt'] . sha1($username . $password . $salt . ($config['mod']['lock_ip'] ? $_SERVER['REMOTE_ADDR'] : ''), true), true)), 0, 20);
|
||||||
|
|
||||||
if (isset($generated_salt))
|
if (isset($generated_salt))
|
||||||
return Array($hash, $salt);
|
return Array($hash, $salt);
|
||||||
|
Loading…
Reference in New Issue
Block a user