diff options
| author | Igor Scheller <igor.scheller@igorshp.de> | 2017-01-01 18:49:43 +0100 |
|---|---|---|
| committer | Igor Scheller <igor.scheller@igorshp.de> | 2017-01-01 18:50:53 +0100 |
| commit | 1f8d1eb4bbe9a764fa69a2da936db7adbfb2941e (patch) | |
| tree | 716db7272e50734907f1f6fc35a1a93db0a97428 /includes/sys_auth.php | |
| parent | 5e850171e2f323e0ac13df5f8e1c1d5046959a52 (diff) | |
Fixed "Constant already defined" notice
Added more ugly global variables
Diffstat (limited to 'includes/sys_auth.php')
| -rw-r--r-- | includes/sys_auth.php | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/includes/sys_auth.php b/includes/sys_auth.php index 135e49e3..7a1dd4b7 100644 --- a/includes/sys_auth.php +++ b/includes/sys_auth.php @@ -39,7 +39,8 @@ function generate_salt($length = 16) { * set the password of a user */ function set_password($uid, $password) { - $result = sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt(16) . '$')) . "', `password_recovery_token`=NULL WHERE `UID` = " . intval($uid) . " LIMIT 1"); + global $crypt_alg; + $result = sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, $crypt_alg . '$' . generate_salt(16) . '$')) . "', `password_recovery_token`=NULL WHERE `UID` = " . intval($uid) . " LIMIT 1"); if ($result === false) { engelsystem_error('Unable to update password.'); } @@ -51,6 +52,7 @@ function set_password($uid, $password) { * if $uid is given and $salt is an old-style salt (plain md5), we convert it automatically */ function verify_password($password, $salt, $uid = false) { + global $crypt_alg; $correct = false; if (substr($salt, 0, 1) == '$') { // new-style crypt() $correct = crypt($password, $salt) == $salt; @@ -59,12 +61,12 @@ function verify_password($password, $salt, $uid = false) { } elseif (strlen($salt) == 32) { // old-style md5 without salt - not used anymore $correct = md5($password) == $salt; } - - if ($correct && substr($salt, 0, strlen(CRYPT_ALG)) != CRYPT_ALG && $uid) { + + if ($correct && substr($salt, 0, strlen($crypt_alg)) != $crypt_alg && $uid) { // this password is stored in another format than we want it to be. // let's update it! // we duplicate the query from the above set_password() function to have the extra safety of checking the old hash - sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt() . '$')) . "' WHERE `UID` = " . intval($uid) . " AND `Passwort` = '" . sql_escape($salt) . "' LIMIT 1"); + sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, $crypt_alg . '$' . generate_salt() . '$')) . "' WHERE `UID` = " . intval($uid) . " AND `Passwort` = '" . sql_escape($salt) . "' LIMIT 1"); } return $correct; } |