[phpwiki-checkins] SF.net SVN: phpwiki:[11176] trunk

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Revision: 11176
          http://sourceforge.net/p/phpwiki/code/11176
Author:   carstenklapp
Date:     2025-03-02 22:10:43 +0000 (Sun, 02 Mar 2025)
Log Message:
-----------
Use newer password_hash function instead of crypt when available.

Modified Paths:
--------------
    trunk/config/config-dist.ini
    trunk/configurator.php

Modified: trunk/config/config-dist.ini
===================================================================

--- trunk/config/config-dist.ini	2025-03-02 12:47:42 UTC (rev 11175)
+++ trunk/config/config-dist.ini	2025-03-02 22:10:43 UTC (rev 11176)
@@ -84,7 +84,7 @@
 ;DISABLE_UNITS = true
 
 ; For a non-standard path
-;UNITS_EXE = /usr/bin/units
+; UNITS_EXE = /usr/bin/units
 ; For Mac OS X, you need to install GNU Units http://www.gnu.org/software/units/
 ; The units command shipped with Mac OS X will not work.
 ; Install e.g. with Homebrew: brew install gnu-units

Modified: trunk/configurator.php
===================================================================
--- trunk/configurator.php	2025-03-02 12:47:42 UTC (rev 11175)
+++ trunk/configurator.php	2025-03-02 22:10:43 UTC (rev 11176)
@@ -152,7 +152,7 @@
 // So nobody can see or reset the password(s).
 if (file_exists($fs_config_file)) {
     exit("Configuration config file \"$fs_config_file\" already exists.\n"
-    . "Cannot continue: You have to fix that manually.");
+    . "Cannot continue: Delete or rename config.ini to use the configurator.");
     // Require admin user
     if (!defined('ADMIN_USER') or !defined('ADMIN_PASSWD')) {
         if (!function_exists("IniConfig")) {
@@ -2221,15 +2221,19 @@
             $p .= "\n;ENCRYPTED_PASSWD = true";
             return $p;
         } else {
-            $salt_length = max(
-                CRYPT_SALT_LENGTH,
-                2 * CRYPT_STD_DES,
-                9 * CRYPT_EXT_DES,
-                12 * CRYPT_MD5,
-                16 * CRYPT_BLOWFISH
-            );
-            // generate an encrypted password
-            $crypt_pass = crypt($posted_value, rand_ascii($salt_length));
+            if (!function_exists('password_hash')) {
+                $salt_length = max(
+                    CRYPT_SALT_LENGTH,
+                    2 * CRYPT_STD_DES,
+                    9 * CRYPT_EXT_DES,
+                    12 * CRYPT_MD5,
+                    16 * CRYPT_BLOWFISH
+                );
+                // generate an encrypted password
+                $crypt_pass = crypt($posted_value, rand_ascii($salt_length));
+            } else {
+                $crypt_pass = password_hash($posted_value, PASSWORD_DEFAULT);
+            }
             $p = "$n" . $this->_config_format($crypt_pass);
             return $p . "\nENCRYPTED_PASSWD = true";
         }

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.



