dyndns: use gen_pw_hash for secure hashes, check password strength
Hanno Böck commited on 2024-01-06 15:19:52
Zeige 1 geänderte Dateien mit 8 Einfügungen und 2 Löschungen.
- modules/dns/include/dnsinclude.php ad890b1..b24bf65
| ... | ... |
@@ -69,7 +69,10 @@ function create_dyndns_account($handle, $password_http, $sshkey) |
| 69 | 69 |
|
| 70 | 70 |
$pwhash = null; |
| 71 | 71 |
if ($password_http) {
|
| 72 |
- $pwhash = "{SHA}" . base64_encode(sha1($password_http, true));
|
|
| 72 |
+ if (($check = strong_password($password_http)) !== true) {
|
|
| 73 |
+ system_failure($check); |
|
| 74 |
+ } |
|
| 75 |
+ $pwhash = gen_pw_hash($password_http); |
|
| 73 | 76 |
} |
| 74 | 77 |
|
| 75 | 78 |
db_query( |
| ... | ... |
@@ -100,7 +103,10 @@ function edit_dyndns_account($id, $handle, $password_http, $sshkey) |
| 100 | 103 |
$args = [":handle" => $handle, ":sshkey" => $sshkey, ":id" => $id]; |
| 101 | 104 |
$pwhash = null; |
| 102 | 105 |
if ($password_http && $password_http != '************') {
|
| 103 |
- $args[":pwhash"] = "{SHA}" . base64_encode(sha1($password_http, true));
|
|
| 106 |
+ if (($check = strong_password($password_http)) !== true) {
|
|
| 107 |
+ system_failure($check); |
|
| 108 |
+ } |
|
| 109 |
+ $args[":pwhash"] = gen_pw_hash($password_http); |
|
| 104 | 110 |
db_query("UPDATE dns.dyndns SET handle=:handle, password=:pwhash, sshkey=:sshkey WHERE id=:id", $args);
|
| 105 | 111 |
} else {
|
| 106 | 112 |
db_query("UPDATE dns.dyndns SET handle=:handle, sshkey=:sshkey WHERE id=:id", $args);
|
| 107 | 113 |