Commit 39c2f720 authored by Dustri's avatar Dustri
Browse files

Utilisation de blowfish pour le hashage des mots de passe

A TESTER AVANT LA MISE EN PROD !!!!!!

L'ancienne methode etait du DES.
http://fr2.php.net/manual/en/function.crypt.php
parent 4603b54b
......@@ -264,8 +264,8 @@ function inscription($message)
$return = "InvalidSex";
else
{
$password = genere_pass(7);
$password = crypt($password, "ae");
$password = genere_pass(16);
$password = crypt($password, uniqid('$2y$07$', true));
$user->create_user($nom, $prenom, $email, $password, false, $naissance, $sexe, $utbm);
$user->load_by_email($email);
$return = $user->id;
......
......@@ -566,10 +566,7 @@ class utilisateur extends stdentity
*/
function is_password ( $password )
{
// if ($this->pass == crypt($password, substr($this->pass,0,2)))
if ($this->pass == crypt($password, "ae"))
return true;
return false;
return ($this->pass === crypt($password, $this->pass));
}
/** Change le mot de passe de l'utilisateur
......@@ -577,7 +574,7 @@ class utilisateur extends stdentity
*/
function change_password ( $new_password )
{
$this->pass = crypt($new_password, "ae");
$this->pass = crypt($new_password, uniqid('$2y$07$', true));
$req = new update($this->dbrw,
"utilisateurs",
array("pass_utl"=>$this->pass),
......@@ -1215,7 +1212,7 @@ class utilisateur extends stdentity
$alias.=1;
}
$this->alias = $alias;
$this->pass = crypt($password, "ae");
$this->pass = crypt($password, uniqid('$2y$07$', true));
$this->sexe = $sexe;
$this->date_naissance = $date_naissance;
$this->droit_image = $droit_image;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment