switch from crypt() to password_hash() and password_verify(), thx to kapsonfire for the hint
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
@@ -609,7 +609,7 @@ opcache.validate_timestamps'),
|
||||
('system', 'apache24', '1'),
|
||||
('system', 'apache24_ocsp_cache_path', 'shmcb:/var/run/apache2/ocsp-stapling.cache(131072)'),
|
||||
('system', 'documentroot_use_default_value', '0'),
|
||||
('system', 'passwordcryptfunc', '3'),
|
||||
('system', 'passwordcryptfunc', '2y'),
|
||||
('system', 'axfrservers', ''),
|
||||
('system', 'powerdns_mode', 'Native'),
|
||||
('system', 'customer_ssl_path', '/etc/ssl/froxlor-custom/'),
|
||||
|
||||
@@ -420,30 +420,6 @@ class FroxlorInstall
|
||||
$content[] = $check;
|
||||
}
|
||||
|
||||
/**
|
||||
* generate safe unique token
|
||||
*
|
||||
* @param int $length
|
||||
* @return string
|
||||
*/
|
||||
private function genUniqueToken(int $length = 16)
|
||||
{
|
||||
if (!isset($length) || intval($length) <= 8) {
|
||||
$length = 16;
|
||||
}
|
||||
if (function_exists('random_bytes')) {
|
||||
return bin2hex(random_bytes($length));
|
||||
}
|
||||
if (function_exists('mcrypt_create_iv')) {
|
||||
return bin2hex(mcrypt_create_iv($length, MCRYPT_DEV_URANDOM));
|
||||
}
|
||||
if (function_exists('openssl_random_pseudo_bytes')) {
|
||||
return bin2hex(openssl_random_pseudo_bytes($length));
|
||||
}
|
||||
// if everything else fails, use unsafe fallback
|
||||
return substr(md5(uniqid(microtime(), 1)), 0, $length);
|
||||
}
|
||||
|
||||
/**
|
||||
* create corresponding entries in froxlor database
|
||||
*
|
||||
@@ -513,8 +489,8 @@ class FroxlorInstall
|
||||
];
|
||||
$ins_data = array(
|
||||
'loginname' => $this->_data['admin_user'],
|
||||
/* use SHA256 default crypt */
|
||||
'password' => crypt($this->_data['admin_pass1'], '$5$' . $this->genUniqueToken() . $this->genUniqueToken()),
|
||||
/* use system default crypt */
|
||||
'password' => password_hash($this->_data['admin_pass1'], PASSWORD_DEFAULT),
|
||||
'email' => 'admin@' . $this->_data['servername'],
|
||||
'deflang' => $this->_languages[$this->_activelng]
|
||||
);
|
||||
|
||||
@@ -87,6 +87,11 @@ if (\Froxlor\Froxlor::isFroxlorVersion('0.10.99')) {
|
||||
Settings::AddNew("panel.settings_mode", $panel_settings_mode);
|
||||
lastStepStatus(0);
|
||||
|
||||
showUpdateStep("Adjusting existing settings");
|
||||
Settings::Set('system.passwordcryptfunc', PASSWORD_DEFAULT);
|
||||
lastStepStatus(0);
|
||||
|
||||
|
||||
if (\Froxlor\Froxlor::isFroxlorVersion('0.10.99')) {
|
||||
showUpdateStep("Updating from 0.10.99 to 0.11.0-dev1", false);
|
||||
\Froxlor\Froxlor::updateToVersion('0.11.0-dev1');
|
||||
|
||||
Reference in New Issue
Block a user