Commit 39c2f720 authored by Dustri's avatar Dustri
Browse files

Utilisation de blowfish pour le hashage des mots de passe

A TESTER AVANT LA MISE EN PROD !!!!!!

L'ancienne methode etait du DES.
http://fr2.php.net/manual/en/function.crypt.php
parent 4603b54b
...@@ -264,8 +264,8 @@ function inscription($message) ...@@ -264,8 +264,8 @@ function inscription($message)
$return = "InvalidSex"; $return = "InvalidSex";
else else
{ {
$password = genere_pass(7); $password = genere_pass(16);
$password = crypt($password, "ae"); $password = crypt($password, uniqid('$2y$07$', true));
$user->create_user($nom, $prenom, $email, $password, false, $naissance, $sexe, $utbm); $user->create_user($nom, $prenom, $email, $password, false, $naissance, $sexe, $utbm);
$user->load_by_email($email); $user->load_by_email($email);
$return = $user->id; $return = $user->id;
......
...@@ -566,10 +566,7 @@ class utilisateur extends stdentity ...@@ -566,10 +566,7 @@ class utilisateur extends stdentity
*/ */
function is_password ( $password ) function is_password ( $password )
{ {
// if ($this->pass == crypt($password, substr($this->pass,0,2))) return ($this->pass === crypt($password, $this->pass));
if ($this->pass == crypt($password, "ae"))
return true;
return false;
} }
/** Change le mot de passe de l'utilisateur /** Change le mot de passe de l'utilisateur
...@@ -577,7 +574,7 @@ class utilisateur extends stdentity ...@@ -577,7 +574,7 @@ class utilisateur extends stdentity
*/ */
function change_password ( $new_password ) function change_password ( $new_password )
{ {
$this->pass = crypt($new_password, "ae"); $this->pass = crypt($new_password, uniqid('$2y$07$', true));
$req = new update($this->dbrw, $req = new update($this->dbrw,
"utilisateurs", "utilisateurs",
array("pass_utl"=>$this->pass), array("pass_utl"=>$this->pass),
...@@ -1215,7 +1212,7 @@ class utilisateur extends stdentity ...@@ -1215,7 +1212,7 @@ class utilisateur extends stdentity
$alias.=1; $alias.=1;
} }
$this->alias = $alias; $this->alias = $alias;
$this->pass = crypt($password, "ae"); $this->pass = crypt($password, uniqid('$2y$07$', true));
$this->sexe = $sexe; $this->sexe = $sexe;
$this->date_naissance = $date_naissance; $this->date_naissance = $date_naissance;
$this->droit_image = $droit_image; $this->droit_image = $droit_image;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment