auth: tweak previous, hide implementation details; closes #1282

2026-03-14 16:44:39 +00:00 · 2016-11-28 18:36:26 +01:00 · 2016-11-28 18:36:26 +01:00 · bd2d28c622
commit bd2d28c622
parent 2a025de404
3 changed files with 10 additions and 16 deletions
--- a/src/etc/inc/auth.inc
+++ b/src/etc/inc/auth.inc
@ -488,14 +488,16 @@ function local_user_del($user)

 function local_user_set_password(&$user, $password)
 {
-    $user['password'] = generate_password_hash($password, 10);
+    $cost = 10;

-    // Converts ascii to unicode.
-    $astr = (string) $password;
-    $ustr = '';
-    for ($i = 0; $i < strlen($astr); $i++) {
-        $a = ord($astr{$i}) << 8;
-        $ustr.= sprintf("%X", $a);
+    $hash = password_hash($password, PASSWORD_BCRYPT, [ 'cost' => $cost ]);
+    if ($hash !== false) {
+        /*
+         * $2y$ returned is supported in FreeBSD 11.0 and up,
+         * but we started with FreeBSD 10.3 so need to fix:
+         */
+        $hash[2] = 'b';
+        $user['password'] = $hash;
    }
 }

--- a/src/etc/inc/util.inc
+++ b/src/etc/inc/util.inc
@ -1575,11 +1575,3 @@ function is_install_media()

    return true;
 }
-
-function generate_password_hash($password, $cost = 10)
-{
-    $hash = password_hash($password, PASSWORD_BCRYPT, ["cost" => $cost]);
-    // at the moment of writing FreeBSD can't recognise $2y$... as bcrypt, $2b$ is needed
-    $hash[2] = 'b';
-    return $hash;
-}
--- a/src/www/system_usermanager_passwordmg.php
+++ b/src/www/system_usermanager_passwordmg.php
@ -58,7 +58,7 @@ if (isset($_POST['save'])) {

    if (count($input_errors) == 0) {
        // all values are okay --> saving changes
-        $config['system']['user'][$userindex[$username]]['password'] = generate_password_hash($_POST['passwordfld1'], 10);
+        local_user_set_password($config['system']['user'][$userindex[$username]], $_POST['passwordfld1']);
        local_user_set($config['system']['user'][$userindex[$username]]);

        write_config();