- $r=DB_query('INSERT INTO User VALUES(NULL,'.DB_quote_smart($_REQUEST['Rfullname']).
- ','.DB_quote_smart($_REQUEST['Remail']).
- ','.DB_quote_smart(md5($_REQUEST['Rpassword'])).
- ','.DB_quote_smart($_REQUEST['Rtimezone']).',NULL,NULL)');
+ // create a password hash using the crypt function, need php 5.3 for this
+ // create a random salt
+ $salt = substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22);
+ // hash incoming password using 12 rounds of blowfish
+ $hash = crypt($_REQUEST['Rpassword'], '$2y$12$' . $salt);
+
+ if(strlen($hash)>13)
+ {
+ $r=DB_query('INSERT INTO User VALUES(NULL,'.DB_quote_smart($_REQUEST['Rfullname']).
+ ','.DB_quote_smart($_REQUEST['Remail']).
+ ','.DB_quote_smart($hash).
+ ','.DB_quote_smart($_REQUEST['Rtimezone']).',NULL,NULL)');
+ }
+ else /* hash function didn't work */
+ $r=0;