diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2013-01-26 13:37:56 +0100 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2013-01-26 13:37:56 +0100 |
| commit | 925ad1487c71b97ed6cdb2e339a8d84abd199fef (patch) | |
| tree | cc93b986de25c2a4d30de5e02e65d19d3ab70d83 /inc | |
| parent | 529b04166c604b1d086cbfeac1bd676227d04872 (diff) | |
| download | rpg-925ad1487c71b97ed6cdb2e339a8d84abd199fef.tar.gz rpg-925ad1487c71b97ed6cdb2e339a8d84abd199fef.tar.bz2 | |
allow varying salt length in password hasher
Diffstat (limited to 'inc')
| -rw-r--r-- | inc/PassHash.class.php | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/inc/PassHash.class.php b/inc/PassHash.class.php index 6918a04b4..15ea8cbcf 100644 --- a/inc/PassHash.class.php +++ b/inc/PassHash.class.php @@ -104,14 +104,18 @@ class PassHash { * Initialize the passed variable with a salt if needed. * * If $salt is not null, the value is kept, but the lenght restriction is - * applied. + * applied (unless, $cut is false). * * @param string &$salt The salt, pass null if you want one generated * @param int $len The length of the salt + * @param bool $cut Apply length restriction to existing salt? */ - public function init_salt(&$salt, $len = 32) { - if(is_null($salt)) $salt = $this->gen_salt($len); - if(strlen($salt) > $len) $salt = substr($salt, 0, $len); + public function init_salt(&$salt, $len = 32, $cut = true) { + if(is_null($salt)) { + $salt = $this->gen_salt($len); + $cut = true; // for new hashes we alway apply length restriction + } + if(strlen($salt) > $len && $cut) $salt = substr($salt, 0, $len); } // Password hashing methods follow below @@ -465,7 +469,7 @@ class PassHash { * @return string Hashed password */ public function hash_mediawiki($clear, $salt = null) { - $this->init_salt($salt, 8); + $this->init_salt($salt, 8, false); return ':B:'.$salt.':'.md5($salt.'-'.md5($clear)); } } |