
Simplify crypt() calls, always assume SHA512 is available, use default value for rounds

Hanno Böck authored on13/01/2021 10:32:52
... ...
@@ -18,16 +18,7 @@ function encrypt_mail_password($newpass)
18 18
 {
19 19
     DEBUG("unencrypted PW: »".$newpass."«");
20 20
     require_once('inc/base.php');
21
-    if (defined("CRYPT_SHA512") && CRYPT_SHA512 == 1) {
22
-        $rounds = rand(1000, 5000);
23
-        $salt = "rounds=".$rounds."$".random_string(8);
24
-        DEBUG("crypt(\"{$newpass}\", \"\$6\${$salt}\$\");");
25
-        $newpass = crypt($newpass, "\$6\${$salt}\$");
26
-    } else {
27
-        $salt = random_string(8);
28
-        DEBUG("crypt(\"{$newpass}\", \"\$1\${$salt}\$\");");
29
-        $newpass = crypt($newpass, "\$1\${$salt}\$");
30
-    }
21
+    $newpass = crypt($newpass, '$6$'.random_string(8).'$');
31 22
     DEBUG("encrypted PW: ".$newpass);
32 23
     return chop($newpass);
33 24
 }
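Review bot: The context line `DEBUG("unencrypted PW: »".$newpass."«");` still writes the cleartext mail password to the debug output, and `DEBUG("encrypted PW: ".$newpass);` writes the resulting hash. The commit removes the two other DEBUG calls that echoed the password but leaves these two in place. Anyone who can read the debug log obtains the credential no matter how strongly it is hashed afterwards. I would drop both lines, or replace them with a message that carries no secret, e.g. `DEBUG("encrypt_mail_password: hashed new mail password");`.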
... ...
@@ -79,14 +79,7 @@ function save_ftpuser($data)
79 79
         if ($result !== true) {
80 80
             system_failure("Unsicheres Passwort: ".$result);
81 81
         }
82
-        if (defined("CRYPT_SHA512") && CRYPT_SHA512 == 1) {
83
-            $rounds = rand(1000, 5000);
84
-            $salt = "rounds=".$rounds."$".random_string(8);
85
-            $password_hash = crypt($data['password'], "\$6\${$salt}\$");
86
-        } else {
87
-            $salt = random_string(8);
88
-            $password_hash = crypt($data['password'], "\$1\${$salt}\$");
89
-        }
82
+        $password_hash = crypt($data['password'], '$6$'.random_string(8).'$');
90 83
         $set_password = true;
91 84
     } elseif (! $data['id']) {
92 85
         system_failure('Wenn Sie einen neuen Zugang anlegen, müssen Sie ein Passwort setzen');
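Review bot: The salt passed to `crypt()` here is `random_string(8)`, half of the 16 salt characters the `$6$` scheme accepts. `random_string()` is defined outside this hunk, so the page does not show whether it draws from a CSPRNG (`random_int()`/`random_bytes()`) and is worth confirming. `'$6$'.random_string(16).'$'` costs nothing, and the same applies to the identical calls in encrypt_mail_password() and set_systemuser_password(). Since the expression is now repeated verbatim in three files, one small helper next to random_string() would keep the prefix, the salt length and any later `rounds=` setting in a single place. save_ftpuser() starts and ends outside this hunk.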
... ...
@@ -264,14 +264,7 @@ function set_systemuser_password($uid, $newpass)
264 264
 {
265 265
     $uid = (int) $uid;
266 266
     require_once('inc/base.php');
267
-    if (defined("CRYPT_SHA512") && CRYPT_SHA512 == 1) {
268
-        $rounds = rand(1000, 5000);
269
-        $salt = "rounds=".$rounds."$".random_string(8);
270
-        $newpass = crypt($newpass, "\$6\${$salt}\$");
271
-    } else {
272
-        $salt = random_string(8);
273
-        $newpass = crypt($newpass, "\$1\${$salt}\$");
274
-    }
267
+    $newpass = crypt($newpass, '$6$'.random_string(8).'$');
275 268
     db_query("UPDATE system.passwoerter SET passwort=:newpass WHERE uid=:uid", array(":newpass" => $newpass, ":uid" => $uid));
276 269
     logger(LOG_INFO, "session/checkuser", "pwchange", "changed user's password.");
277 270
 }
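Review bot: The return value of `crypt()` goes straight into the `UPDATE system.passwoerter` statement without a failure check. On failure PHP's crypt() returns a string shorter than 13 characters (`*0` or `*1`), which would then be stored as the user's password hash. With the `CRYPT_SHA512` guard removed, a cheap check before the query makes the "SHA512 is always available" assumption explicit, e.g. `if (strlen($newpass) < 13 || strpos($newpass, '$6$') !== 0) { system_failure('...'); }` (assuming system_failure() is in scope in this file, which the hunk does not show). The same check fits the calls in encrypt_mail_password() and save_ftpuser().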