lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX add password_hash compatibility test for PHP < 5.5

Browse Source
This commit is contained in:
Aurélien Labate 2018-01-15 11:02:08 +01:00
parent 8088d92bbb
commit b86a5d5623
2 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
htdocs/core/lib/security.lib.php
View File

@ -82,7 +82,8 @@ function dol_hash($chain, $type='0')
global $conf;
// No need to add salt for password_hash
if ($type == '0' && ! empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO == 'password_hash') return password_hash($chain, PASSWORD_DEFAULT);
if ($type == '0' && ! empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO == 'password_hash' && function_exists('password_hash'))
return password_hash($chain, PASSWORD_DEFAULT);
// Salt value
if (! empty($conf->global->MAIN_SECURITY_SALT)) $chain=$conf->global->MAIN_SECURITY_SALT.$chain;
@ -114,7 +115,7 @@ function dol_verifyHash($chain, $hash, $type='0')
{
global $conf;
if ($type == '0' && ! empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO == 'password_hash') {
if ($type == '0' && ! empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO == 'password_hash' && function_exists('password_verify')) {
if ($hash[0] == '$') return password_verify($chain, $hash);
else if(strlen($hash) == 32) return dol_verifyHash($chain, $hash, '3'); // md5
else if(strlen($hash) == 40) return dol_verifyHash($chain, $hash, '2'); // sha1md5

5
htdocs/install/step5.php
View File

@ -181,7 +181,10 @@ if ($action == "set" || empty($action) || preg_match('/upgrade/i',$action))
// Define default setup for password encryption
dolibarr_set_const($db, "DATABASE_PWD_ENCRYPTED", "1", 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_SECURITY_SALT", dol_print_date(dol_now(), 'dayhourlog'), 'chaine', 0, '', 0); // All entities
dolibarr_set_const($db, "MAIN_SECURITY_HASH_ALGO", 'password_hash', 'chaine', 0, '', 0); // All entities
if (function_exists('password_hash'))
dolibarr_set_const($db, "MAIN_SECURITY_HASH_ALGO", 'password_hash', 'chaine', 0, '', 0); // All entities
else
dolibarr_set_const($db, "MAIN_SECURITY_HASH_ALGO", 'sha1md5', 'chaine', 0, '', 0); // All entities
}
}