diff --git a/inc/inc.ClassDbAuthentication.php b/inc/inc.ClassDbAuthentication.php index 18838ee3e..5d94b2c64 100644 --- a/inc/inc.ClassDbAuthentication.php +++ b/inc/inc.ClassDbAuthentication.php @@ -58,7 +58,7 @@ class SeedDMS_DbAuthentication extends SeedDMS_Authentication { // Check if password matches (if not a guest user) // Assume that the password has been sent via HTTP POST. It would be careless // (and dangerous) for passwords to be sent via GET. - if (md5($password) != $user->getPwd()) { + if (!seed_pass_verify($password, $user->getPwd())) { /* if counting of login failures is turned on, then increment its value */ if($settings->_loginFailure) { $failures = $user->addLoginFailure(); diff --git a/op/op.ChangePassword.php b/op/op.ChangePassword.php index c15da5a68..d481dd129 100644 --- a/op/op.ChangePassword.php +++ b/op/op.ChangePassword.php @@ -54,7 +54,7 @@ if (empty($newpassword) || empty($newpasswordrepeat) || $newpassword != $newpass $user = $dms->checkPasswordRequest($hash); if($user) { - $user->setPwd(md5($newpassword)); + $user->setPwd(seed_pass_hash($newpassword)); $dms->deletePasswordRequest($hash); header('Location: ../out/out.Login.php'); exit; diff --git a/op/op.EditUserData.php b/op/op.EditUserData.php index 749bbda20..08385c97b 100644 --- a/op/op.EditUserData.php +++ b/op/op.EditUserData.php @@ -46,7 +46,7 @@ if(isset($_POST["theme"])) $mytheme = $_POST["theme"]; $current_pwd = $_POST["currentpwd"]; -if($user->getPwd() != md5($current_pwd)) { +if(!seed_pass_verify($current_pwd, $user->getPwd())) { UI::exitError(getMLText("edit_user_details"),getMLText("password_wrong")); } 
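Review bot: In inc/inc.ClassDbAuthentication.php the login check now depends entirely on `seed_pass_verify($password, $user->getPwd())`, whose definition is not part of this diff, so it is not visible how accounts that still hold an MD5 digest are handled. If the helper accepts only the new format, every existing user fails login after the upgrade; if it falls back to MD5, those weak digests stay in the database until each user happens to change their password. A comment above the check stating which of the two applies would help, and a successful login against a legacy digest could upgrade the stored value with `$user->setPwd(seed_pass_hash($password));`. The current-password comparison in op/op.EditUserData.php (`seed_pass_verify($current_pwd, $user->getPwd())`) depends on the same behaviour. The enclosing method starts and ends outside the hunk.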
@@ -61,14 +61,14 @@ if (isset($_POST["pwd"]) && ($_POST["pwd"] != "")) {
 if ($current_pwd == $_POST["pwd"]) // history doesn't have the initial pw stored yet
 UI::exitError(getMLText("set_password"),getMLText("password_already_used"));
 $phm = new SeedDMS_PasswordHistoryManager($db);
- $oldpwd = $phm->search($user, md5($_POST["pwd"]));
+ $oldpwd = $phm->search($user, seed_pass_hash($_POST["pwd"]));
 if($oldpwd) {
 UI::exitError(getMLText("set_password"),getMLText("password_already_used"));
 } else {
- $phm->add($user, md5($_POST["pwd"]));
+ $phm->add($user, seed_pass_hash($_POST["pwd"]));
 }
 }
- $user->setPwd(md5($_POST["pwd"]));
+ $user->setPwd(seed_pass_hash($_POST["pwd"]));
 $user->setPwdExpiration(date('Y-m-d H:i:s', time()+$settings->_passwordExpiration*86400));
 } else {
 UI::exitError(getMLText("set_password"),getMLText("password_strength_insuffient"));
@@ -76,14 +76,14 @@ if (isset($_POST["pwd"]) && ($_POST["pwd"] != "")) {
 } else {
 if($settings->_passwordHistory > 0) {
 $phm = new SeedDMS_PasswordHistoryManager($db);
- $oldpwd = $phm->search($user, md5($_POST["pwd"]));
+ $oldpwd = $phm->search($user, seed_pass_hash($_POST["pwd"]));
 if($oldpwd) {
 UI::exitError(getMLText("set_password"),getMLText("password_already_used"));
 } else {
- $phm->add($user, md5($_POST["pwd"]));
+ $phm->add($user, seed_pass_hash($_POST["pwd"]));
 }
 }
- $user->setPwd(md5($_POST["pwd"]));
+ $user->setPwd(seed_pass_hash($_POST["pwd"]));
 $user->setPwdExpiration(date('Y-m-d H:i:s', time()+$settings->_passwordExpiration*86400));
 }
 }
diff --git a/op/op.UsrMgr.php b/op/op.UsrMgr.php
index 403c64cff..fe9f9035b 100644
--- a/op/op.UsrMgr.php
+++ b/op/op.UsrMgr.php
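Review bot: In op/op.EditUserData.php, `$phm->search($user, seed_pass_hash($_POST["pwd"]))` can only find a previous password if `seed_pass_hash` returns the same string for the same input; its definition is not in this diff, but if it salts (as `password_hash()` does) every call yields a different value, so the history lookup never matches and the password-reuse check passes silently. The same pattern appears in both hunks of this file (`@@ -61,14` and `@@ -76,14`). The lookup would need to load the user's stored history entries and test each one with `seed_pass_verify($_POST["pwd"], $storedHash)` instead of searching for an equal hash. Independently, the hash is computed three times per request (search, add, setPwd); computing it once as `$newhash = seed_pass_hash($_POST["pwd"]);` and passing `$newhash` to `$phm->add()` and `$user->setPwd()` avoids repeating a deliberately slow operation. Both hunks sit inside an `if` block that starts outside them.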
@@ -68,7 +68,7 @@ if ($action == "adduser") { UI::exitError(getMLText("admin_tools"),getMLText("user_exists")); } - $newUser = $dms->addUser($login, md5($pwd), $name, $email, $settings->_language, $settings->_theme, $comment, $role, $isHidden, $isDisabled, $pwdexpiration, $quota, $homefolder); + $newUser = $dms->addUser($login, seed_pass_hash($pwd), $name, $email, $settings->_language, $settings->_theme, $comment, $role, $isHidden, $isDisabled, $pwdexpiration, $quota, $homefolder); if ($newUser) { /* Set user image if uploaded */ @@ -367,7 +367,7 @@ else if ($action == "edituser") { $editedUser->setPwd(''); } else { if (isset($pwd) && ($pwd != "")) { - $editedUser->setPwd(md5($pwd)); + $editedUser->setPwd(seed_pass_hash($pwd)); } } if ($editedUser->getFullName() != $name)
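Review bot: `addUser($login, seed_pass_hash($pwd), ...)` and `$editedUser->setPwd(seed_pass_hash($pwd))` in op/op.UsrMgr.php now store a value whose length depends on `seed_pass_hash`, and this commit contains no schema change. An MD5 hex digest is 32 characters, while a salted hash is usually longer (bcrypt output from `password_hash()` is 60), so a column sized for MD5 could truncate or reject it and make later verification fail. Confirm the width of the columns holding user passwords and password-history entries, and ship the migration together with this change if they need widening. Both hunks are excerpts of larger `if ($action == ...)` branches that start and end outside them.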