X-Git-Url: https://git.nubati.net/cgi-bin/gitweb.cgi?p=e-DoKo.git;a=blobdiff_plain;f=include%2Fregister.php;h=72e9ad26bbc81fdcc37b115a296346c87f9005b8;hp=a1370ea52803f9b6c90e686989e8f4f87d9b4979;hb=a38183cf36a31f4372a5e37d09c6312a9fa267f7;hpb=90e831805a19358ab5a76c569181f72bc3534cb8
diff --git a/include/register.php b/include/register.php
index a1370ea..72e9ad2 100644
--- a/include/register.php
+++ b/include/register.php
@@ -94,7 +94,7 @@ if(myisset('Rfullname','Remail','Rtimezone') )
}
if($robot==0)
{
- echo _('You answered the math question wrong.').'
\n';
+ echo _('You answered the math question wrong.').'
'."\n";
$ok=0;
}
/* everything ok, go ahead and create user */
@@ -102,10 +102,21 @@ if(myisset('Rfullname','Remail','Rtimezone') )
{
if(myisset('Rpassword'))
{
- $r=DB_query('INSERT INTO User VALUES(NULL,'.DB_quote_smart($_REQUEST['Rfullname']).
- ','.DB_quote_smart($_REQUEST['Remail']).
- ','.DB_quote_smart(md5($_REQUEST['Rpassword'])).
- ','.DB_quote_smart($_REQUEST['Rtimezone']).',NULL,NULL)');
+ // create a password hash using the crypt function, need php 5.3 for this
+ // create a random salt
+ $salt = substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22);
+ // hash incoming password using 12 rounds of blowfish
+ $hash = crypt($_REQUEST['Rpassword'], '$2y$12$' . $salt);
+
+ if(strlen($hash)>13)
+ {
+ $r=DB_query('INSERT INTO User VALUES(NULL,'.DB_quote_smart($_REQUEST['Rfullname']).
+ ','.DB_quote_smart($_REQUEST['Remail']).
+ ','.DB_quote_smart($hash).
+ ','.DB_quote_smart($_REQUEST['Rtimezone']).',NULL,NULL)');
+ }
+ else /* hash function didn't work */
+ $r=0;
}
else if(myisset('Ropenid'))
{
@@ -113,7 +124,7 @@ if(myisset('Rfullname','Remail','Rtimezone') )
$r=DB_query('INSERT INTO User VALUES(NULL,'.DB_quote_smart($_REQUEST['Rfullname']).
','.DB_quote_smart($_REQUEST['Remail']).
','.DB_quote_smart(md5($password)).
- ','.DB_quote_smart($_REQUEST['Rtimezone').',NULL,NULL)');
+ ','.DB_quote_smart($_REQUEST['Rtimezone']).',NULL,NULL)');
if($r)
{
include_once('openid.php');
@@ -139,7 +150,7 @@ if(myisset('Rfullname','Remail','Rtimezone') )
}
else
{
- echo 'Could not register you. Please try again! \n';
+ echo '
Could not register you. Please try again! '."\n";
}
}
else