Security : Use password_verify() (#5660)

oittaa 2022-03-30 09:27:56 +03:00 committed by GitHub
parent 8e444c3b32
commit ec5f6877f5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 3 additions and 6 deletions


@ -171,8 +171,7 @@ class API extends Base implements IAuthConnector
// expired user
return false;
}
$passwd = crypt($password, $apiSecret);
if ($passwd == $apiSecret) {
if (password_verify($password, $apiSecret)) {
// password ok, return successfully authentication
$this->lastAuthProperties['username'] = (string)$userObject->name;
return true;
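Review bot: The `// expired user` branch at the top of this hunk returns `false` before any hash is computed, so a request for an expired account is answered faster than one that reaches `password_verify()`; with the comparison itself now constant-time, that early exit is the remaining timing signal, and the Local connector's hunk has the same shape. Where account status should not be observable from response time, the early-return path can spend the same work first, e.g. `password_verify($password, DUMMY_HASH);` before `return false;`, with `DUMMY_HASH` standing for a placeholder constant that holds any valid hash of the production cost. Whether unknown users are handled the same way is decided above the hunk and is not visible here.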


@ -158,8 +158,7 @@ class Local extends Base implements IAuthConnector
// expired user
return false;
}
$passwd = crypt($password, (string)$userObject->password);
if ($passwd == (string)$userObject->password) {
if (password_verify($password, (string)$userObject->password)) {
// password ok, return successfully authentication
return true;
}
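Review bot: Nothing after the successful `password_verify()` here checks whether the stored hash is still in the preferred format, so an account whose `password` field holds an older crypt() scheme keeps it indefinitely, even though this is the one point where the plaintext is available to re-hash. If the surrounding code can persist a user record at login, a follow-up `if (password_needs_rehash((string)$userObject->password, PASSWORD_DEFAULT)) { /* re-hash and store */ }` would close that gap; how hashes are created and saved is outside the hunk, so this may belong in a separate change. A short comment such as `// password_verify() accepts the existing crypt()-format hashes and compares in constant time` would also tell the next reader why no migration accompanies the switch.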


@ -413,8 +413,7 @@ class Voucher extends Base implements IAuthConnector
$result = $stmt->execute();
$row = $result->fetchArray();
if ($row != null) {
$passwd = crypt($password, (string)$row['password']);
if ($passwd == (string)$row['password']) {
if (password_verify($password, (string)$row['password'])) {
// correct password, check validity
if ($row['starttime'] == null) {
// initial login, set starttime for counter
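Review bot: `$stmt->execute()` is dereferenced on the following line without a check, so a failed query reaches `$result->fetchArray()` on a non-object and the voucher login ends in a fatal error instead of a clean rejection. If this is the SQLite3 API, as `fetchArray()` suggests, both calls return `false` on failure or when no row matches, so an explicit guard such as `if ($result === false) { return false; }` followed by `if ($row !== false) {` would state the intent rather than relying on `false != null` evaluating to false under loose comparison. The `$row['starttime'] == null` test further down also matches `0` and `''`; it is worth confirming that this is intended before tightening it to `=== null`. The enclosing method starts and ends outside the hunk.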