Ticket #1380: ampusers-sha256.patch

File ampusers-sha256.patch, 1.3 kB (added by pvanstam, 5 years ago)

Patch file for modifying ampusers table to encrypt password with SHA256

  • admin/header_auth.php

    old new  
    2222        // not logged in, and have provided a user/pass 
    2323        $_SESSION['AMP_user'] = new ampuser($_SERVER['PHP_AUTH_USER']); 
    2424         
    25         if (!$_SESSION['AMP_user']->checkPassword($_SERVER['PHP_AUTH_PW'])) { 
     25        if (!$_SESSION['AMP_user']->checkPassword(hash("sha256", $_SERVER['PHP_AUTH_PW']))) { 
    2626          // failed, one last chance -- fallback to amportal.conf db admin user 
    2727          if ( (count(getAmpAdminUsers()) == 0) && ($_SERVER['PHP_AUTH_USER'] == $amp_conf['AMPDBUSER'])  
    2828            && ($_SERVER['PHP_AUTH_PW'] == $amp_conf['AMPDBPASS'])) {