Dotclear

Context Navigation

← Previous Ticket
Next Ticket →

Ticket #1923 (closed defect: fixed)

Opened 12 years ago

Last modified 10 years ago

User password hash method not centralized

Reported by:	bruno	Owned by:	franck
Priority:	normal	Milestone:	2.8
Component:	module:auth	Version:	2.6.1
Severity:	normal	Keywords:
Cc:

Description

The algorithm that computes user password hash (with hash_hmac and Dc_MASTER_KEY) should be located only in dcAuth.

crypt::hmac(DC_MASTER_KEY,$pwd) is currently hardcoded in many places inside core :

blog_del.php
langs.php
install/index.php
preferences.php
user.php

...

That prevents any flexibility in auth functions.

Change History

comment:1 Changed 10 years ago by franck

Owner changed from team to franck
Milestone changed from A definir to 2.8

comment:2 Changed 10 years ago by franck <carnet.franck.paul@…>

Status changed from new to closed
Resolution set to fixed

(In [7ed4286c8013]) Centralizes crypt function of pwd in class.dc.auth.php, closes #1923

Last edited 10 years ago by franck (previous) (diff)

Note: See TracTickets for help on using tickets.

Download in other formats:

Sites map

Dotclear
- Home
- Download
- Extend
- License
About
Help & support
Contribute
Satellite sites
- Themes on Dotaddict.org
- Plugins on Dotaddict.org