From 3791b5891b0644625c7b05b63fc27fc5086a0f2c Mon Sep 17 00:00:00 2001
From: Andreas Gohr
Date: Sat, 23 Jun 2012 14:55:21 +0200
Subject: use more secure password hash for admin pass FS#2536
---
 install.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
(limited to 'install.php')
diff --git a/install.php b/install.php
index bd43c6f99..80e9ad407 100644
--- a/install.php
+++ b/install.php
@@ -9,6 +9,8 @@ if(!defined('DOKU_INC')) define('DOKU_INC',dirname(__FILE__).'/');
 if(!defined('DOKU_CONF')) define('DOKU_CONF',DOKU_INC.'conf/');
 if(!defined('DOKU_LOCAL')) define('DOKU_LOCAL',DOKU_INC.'conf/');
+require_once(DOKU_INC.'inc/PassHash.class.php');
+
 // check for error reporting override or set error reporting to sane values
 if (!defined('DOKU_E_LEVEL')) { error_reporting(E_ALL ^ E_NOTICE); } else { error_reporting(DOKU_E_LEVEL); }
@@ -50,6 +52,7 @@ $dokuwiki_hash = array(
 '2011-05-25' => '4241865472edb6fa14a1227721008072',
 '2011-11-10' => 'b46ff19a7587966ac4df61cbab1b8b31',
 '2012-01-25' => '72c083c73608fc43c586901fd5dabb74',
+ 'devel' => 'eb0b3fc90056fbc12bac6f49f7764df3'
 );
@@ -318,9 +321,13 @@ EOT;
 $ok = $ok && fileWrite(DOKU_LOCAL.'local.php',$output);
 if ($d['acl']) {
+ // hash the password
+ $phash = new PassHash();
+ $pass = $phash->hash_smd5($d['password']);
+
 // create users.auth.php
- // --- user:MD5password:Real Name:email:groups,comma,seperated
- $output = join(":",array($d['superuser'], md5($d['password']), $d['fullname'], $d['email'], 'admin,user'));
+ // --- user:SMD5password:Real Name:email:groups,comma,seperated
+ $output = join(":",array($d['superuser'], $pass, $d['fullname'], $d['email'], 'admin,user'));
 $output = @file_get_contents(DOKU_CONF.'users.auth.php.dist')."\n$output\n";
 $ok = $ok && fileWrite(DOKU_LOCAL.'users.auth.php', $output);
--
cgit v1.2.3
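Review bot: The new `$pass = $phash->hash_smd5($d['password']);` line in the third hunk hard-codes salted MD5 for the admin account, which removes the unsalted `md5()` but is still a fast hash, so it gives limited protection against offline guessing if `users.auth.php` is ever disclosed. If the bundled PassHash class offers a slower scheme (not visible in this hunk), prefer it here, or select the method from the wiki's `passcrypt` setting so the installer-created hash follows the same policy as later accounts; at minimum add a comment such as `// smd5 is fixed here; keep in sync with the default passcrypt setting`. The return value of `hash_smd5()` is written to the file unchecked, so a guard like `if (!$pass) { $ok = false; }` would avoid storing an empty hash should hashing fail. The fields on the `$output = join(":", ...)` line are also joined unescaped, so unless `$d['superuser']`, `$d['fullname']` and `$d['email']` are validated earlier (outside this hunk), a `:` or newline in one of them would corrupt the record; the enclosing `if ($d['acl'])` block starts and ends outside the hunk.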