Fix invocations of password_hash()

2018-04-15 22:00:16 -04:00 · 2018-04-15 22:00:16 -04:00 · a609984d39
parent 971e38778f
commit a609984d39
2 changed files with 4 additions and 4 deletions
--- a/bureau/class/m_admin.php
+++ b/bureau/class/m_admin.php
@ -634,7 +634,7 @@ class m_admin {
            $msg->raise("ERROR", "admin", _("Login can only contains characters a-z, 0-9 and -"));
            return false;
        }
-        $pass = password_hash($pass);
+        $pass = password_hash($pass, PASSWORD_BCRYPT);
        $db = new DB_System();
        // Already exist?
        $db->query("SELECT count(*) AS cnt FROM membres WHERE login= ?;", array($login));
@ -772,7 +772,7 @@ class m_admin {
        $db = new DB_System();

        if ($pass) {
-            $pass = password_hash($pass);
+            $pass = password_hash($pass, PASSWORD_BCRYPT);
            $second_query = "UPDATE membres SET mail= ?, canpass= ?, enabled= ?, `type`= ?, notes= ? , pass = ? WHERE uid= ?;";
            $second_query_args = array($mail, $canpass, $enabled, $type, $notes, $pass, $uid);
        } else {
--- a/bureau/class/m_mem.php
+++ b/bureau/class/m_mem.php
@ -108,7 +108,7 @@ class m_mem {
        // with password_hash().
        if (strncmp($db->f('pass'), '$1$', 3) == 0) {
            $db->query("update membres set pass = ? where uid = ?",
-                       array(password_hash($password), $cuid));
+                       array(password_hash($password, PASSWORD_BCRYPT), $cuid));
        }

        if (panel_islocked() && $cuid != 2000) {
@ -416,7 +416,7 @@ class m_mem {
        if (!$admin->checkPolicy("mem", $login, $newpass)) {
            return false; // The error has been raised by checkPolicy()
        }
-        $newpass = password_hash($newpass);
+        $newpass = password_hash($newpass, PASSWORD_BCRYPT);
        $db->query("UPDATE membres SET pass= ? WHERE uid= ?;", array($newpass, $cuid));
        $msg->init_msgs();
        return true;