diff options
| -rw-r--r-- | _test/cases/inc/auth_password.test.php | 10 | ||||
| -rw-r--r-- | inc/PassHash.class.php | 6 |
2 files changed, 14 insertions, 2 deletions
diff --git a/_test/cases/inc/auth_password.test.php b/_test/cases/inc/auth_password.test.php index 1c0942239..8646e3226 100644 --- a/_test/cases/inc/auth_password.test.php +++ b/_test/cases/inc/auth_password.test.php @@ -39,6 +39,16 @@ class auth_password_test extends UnitTestCase { } } + function test_verifySelf(){ + foreach($this->passes as $method => $hash){ + $info = "testing method $method"; + $this->signal('failinfo',$info); + + $hash = auth_cryptPassword('foo'.$method); + $this->assertTrue(auth_verifyPassword('foo'.$method,$hash)); + } + } + function test_verifyPassword_nohash(){ $this->assertTrue(auth_verifyPassword('foo','$1$$n1rTiFE0nRifwV/43bVon/')); } diff --git a/inc/PassHash.class.php b/inc/PassHash.class.php index c4a6d78d0..cb46c5928 100644 --- a/inc/PassHash.class.php +++ b/inc/PassHash.class.php @@ -77,11 +77,13 @@ class PassHash { /** * Create a random salt * - * @todo use full range of characters instead of hex values only * @param int $len - The length of the salt */ public function gen_salt($len=32){ - return substr(md5(uniqid(rand(), true)),0,$len); + $salt = ''; + $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; + for($i=0;$i<$len,$i++;) $salt .= $chars[mt_rand(0,61)]; + return $salt; } /** |