diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2011-01-23 11:15:33 +0100 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2011-01-23 11:15:33 +0100 |
| commit | 62bbd5ef5f25e1d89d67a00cc3b51a954013d7cb (patch) | |
| tree | eb9070ea8cd4afc88dbf53fcf009f14ad9fe18c3 | |
| parent | 52c9860c6e3a36b884ca186f1c9ea3d7acdf2b13 (diff) | |
| download | rpg-62bbd5ef5f25e1d89d67a00cc3b51a954013d7cb.tar.gz rpg-62bbd5ef5f25e1d89d67a00cc3b51a954013d7cb.tar.bz2 | |
use a bigger range of characters for password salts
| -rw-r--r-- | _test/cases/inc/auth_password.test.php | 10 | ||||
| -rw-r--r-- | inc/PassHash.class.php | 6 |
2 files changed, 14 insertions, 2 deletions
diff --git a/_test/cases/inc/auth_password.test.php b/_test/cases/inc/auth_password.test.php index 1c0942239..8646e3226 100644 --- a/_test/cases/inc/auth_password.test.php +++ b/_test/cases/inc/auth_password.test.php @@ -39,6 +39,16 @@ class auth_password_test extends UnitTestCase { } } + function test_verifySelf(){ + foreach($this->passes as $method => $hash){ + $info = "testing method $method"; + $this->signal('failinfo',$info); + + $hash = auth_cryptPassword('foo'.$method); + $this->assertTrue(auth_verifyPassword('foo'.$method,$hash)); + } + } + function test_verifyPassword_nohash(){ $this->assertTrue(auth_verifyPassword('foo','$1$$n1rTiFE0nRifwV/43bVon/')); } diff --git a/inc/PassHash.class.php b/inc/PassHash.class.php index c4a6d78d0..cb46c5928 100644 --- a/inc/PassHash.class.php +++ b/inc/PassHash.class.php @@ -77,11 +77,13 @@ class PassHash { /** * Create a random salt * - * @todo use full range of characters instead of hex values only * @param int $len - The length of the salt */ public function gen_salt($len=32){ - return substr(md5(uniqid(rand(), true)),0,$len); + $salt = ''; + $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; + for($i=0;$i<$len,$i++;) $salt .= $chars[mt_rand(0,61)]; + return $salt; } /** |