summaryrefslogtreecommitdiff
path: root/login.php
diff options
context:
space:
mode:
authorCarson Fleming <cflems@cflems.net>2017-02-28 17:37:57 -0500
committerCarson Fleming <cflems@cflems.net>2017-02-28 17:37:57 -0500
commita8f3669b4ea82f48edbca69742364adf2794e07f (patch)
treeb2668a0a31623a578a16622a5da6b0c924b3c071 /login.php
parent3bfe03a6f6136947eb8b9c714306d080ce889af7 (diff)
downloadbulletin-a8f3669b4ea82f48edbca69742364adf2794e07f.tar.gz
Modularized email and hashing
Diffstat (limited to 'login.php')
-rw-r--r--login.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/login.php b/login.php
index 8c723a2..135f7c7 100644
--- a/login.php
+++ b/login.php
@@ -4,12 +4,12 @@ require("inc/common.php");
if ($b_user["id"] > 0) loggedin();
if (!empty($_POST["email"]) && !empty($_POST["password"])) {
$db = new bdb() or fatal($db->error);
- $result = $db->query("SELECT id FROM users WHERE email = '".$db->escape_string($_POST["email"])."' AND password = '".hash("sha512", $_POST["password"])."' AND active = 1 LIMIT 1") or fatal($db->error);
+ $result = $db->query("SELECT id FROM users WHERE email = '".$db->escape_string($_POST["email"])."' AND password = '".bulletin_hash($_POST["password"])."' AND active = 1 LIMIT 1") or fatal($db->error);
if ($result->num_rows < 1) l_redirect('login.php?err=1');
$row = $result->fetch_assoc();
$result->free();
$token = uniqid("bu".$row["id"], true);
- $db->query("UPDATE users SET session = '".hash("sha512", $token)."' WHERE id = ".intval($row["id"])) or fatal($db->error);
+ $db->query("UPDATE users SET session = '".bulletin_hash($token)."' WHERE id = ".intval($row["id"])) or fatal($db->error);
if ($db->affected_rows < 1) fatal("Could not sync with database.");
$db->close();
setcookie($b_config['c_name'], intval($row["id"]).';'.$token, empty($_POST['remember']) ? 0 : (time()+$b_config['c_expire']), $b_config['c_path'], $b_config['c_dom'], $b_config['c_sec'], $b_config['c_http']);
generated by cgit v1.2.3 (git 2.39.1) at 2026-03-03 02:29:21 +0000