replace call to crypt with password_verify (3aa15c7) - webinterface.git

replace call to crypt with password_verify

Hanno Böck commited on 2023-12-09 19:44:07
Zeige 1 geänderte Dateien mit 1 Einfügungen und 1 Löschungen.

modules/webmailtotp/include/totp.php 82b3c65..6f8b347

@@ -36,7 +36,7 @@ function validate_password($username, $password)
         return false;
     }
     $account = $result->fetch();
-    return (crypt($password, $account['cryptpass']) == $account['cryptpass']);
+    return password_verify($password, $account['cryptpass']);
 }
 
 


...	...	@@ -36,7 +36,7 @@ function validate_password($username, $password)
36	36	return false;
37	37	}
38	38	$account = $result->fetch();
39		- return (crypt($password, $account['cryptpass']) == $account['cryptpass']);
	39	+ return password_verify($password, $account['cryptpass']);
40	40	}
41	41
42	42
43	43