Revision 961f240c
Added by Viktor Gurov over 3 years ago
| src/etc/inc/auth.inc | ||
|---|---|---|
| 816 | 816 |
unset($user['password']); |
| 817 | 817 |
unset($user['md5-hash']); |
| 818 | 818 |
unset($user['bcrypt-hash']); |
| 819 |
$salt = substr(bin2hex(openssl_random_pseudo_bytes(16)),0,16);
|
|
| 819 |
$salt = substr(bin2hex(random_bytes(16)),0,16);
|
|
| 820 | 820 |
$user['sha512-hash'] = crypt($password, '$6$'. $salt . '$'); |
| 821 | 821 |
if (($user['name'] == $config['hasync']['username']) && |
| 822 | 822 |
($config['hasync']['adminsync'] == 'on')) {
|
Also available in: Unified diff
Use random_bytes() to generate salt for SHA512 password hashing. Fixes #12801