From 14f6017a5b84d70320bde9d6e074ea8ac948a85e Mon Sep 17 00:00:00 2001
From: Arun Persaud <arun@nubati.net>
Date: Sat, 22 Sep 2012 12:38:58 -0700
Subject: updated to better password hash: use crypt instead of md5

the upgrade will be done automatically when a user logs in, password recovery is still based
on md5, but that should be OK, since it's a random generated password anyway
---
 include/user.php | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

(limited to 'include/user.php')

diff --git a/include/user.php b/include/user.php
index 1b3d83e..d486b07 100644
--- a/include/user.php
+++ b/include/user.php
@@ -25,12 +25,7 @@ if(!isset($HOST))
   exit;
 
 /* test id and password, should really be done in one step */
-if(!isset($_SESSION['name']))
-  {
-    $email     = $_REQUEST['email'];
-    $password  = $_REQUEST['password'];
-  }
-else
+if(isset($_SESSION['name']))
   {
     $name = $_SESSION['name'];
     $email     = DB_get_email('name',$name);
@@ -106,8 +101,6 @@ else
   { /* normal user page */
 
     /* verify password and email */
-    if(strlen($password)!=32)
-      $password = md5($password);
 
     $ok  = 1;
     $myid = DB_get_userid('email-password',$email,$password);
-- 
cgit v1.2.3-18-g5258