yetangitu/Oinktube
1
0
Fork 0
mirror of https://github.com/DanielnetoDotCom/YouPHPTube synced 2025-10-06 03:50:04 +02:00
Code Issues Releases Wiki Activity

New Password Security improvements

Browse source
This commit is contained in:
DanieL 2022-07-06 21:41:01 -03:00
parent 7e4fa97328
commit a3da7024f9
2 changed files with 60 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

15
objects/functions.php
View file

@ -2718,7 +2718,20 @@ function encryptPasswordVerify($password, $hash, $encodedPass = false) {
$passwordUnSalted = $password;
}
//_error_log("passwordSalted = $passwordSalted, hash=$hash, passwordUnSalted=$passwordUnSalted");
return $passwordSalted === $hash || $passwordUnSalted === $hash || $password === $hash;
$isValid = $passwordSalted === $hash || $passwordUnSalted === $hash;
if(!$isValid){
$passwordFromHash = User::getPasswordFromUserHash($password);
$isValid = $passwordFromHash === $hash;
}
if(!$isValid){
if($password === $hash){
_error_log('encryptPasswordVerify: this is a deprecated password, this will stop to work soon '.json_encode(debug_backtrace()), AVideoLog::$SECURITY);
return true;
}
}
return $isValid;
}
function encryptPasswordV2($uniqueSalt, $password, $noSalt = false) {