From a8f3669b4ea82f48edbca69742364adf2794e07f Mon Sep 17 00:00:00 2001 From: Carson Fleming Date: Tue, 28 Feb 2017 17:37:57 -0500 Subject: Modularized email and hashing --- login.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'login.php') diff --git a/login.php b/login.php index 8c723a2..135f7c7 100644 --- a/login.php +++ b/login.php @@ -4,12 +4,12 @@ require("inc/common.php"); if ($b_user["id"] > 0) loggedin(); if (!empty($_POST["email"]) && !empty($_POST["password"])) { $db = new bdb() or fatal($db->error); - $result = $db->query("SELECT id FROM users WHERE email = '".$db->escape_string($_POST["email"])."' AND password = '".hash("sha512", $_POST["password"])."' AND active = 1 LIMIT 1") or fatal($db->error); + $result = $db->query("SELECT id FROM users WHERE email = '".$db->escape_string($_POST["email"])."' AND password = '".bulletin_hash($_POST["password"])."' AND active = 1 LIMIT 1") or fatal($db->error); if ($result->num_rows < 1) l_redirect('login.php?err=1'); $row = $result->fetch_assoc(); $result->free(); $token = uniqid("bu".$row["id"], true); - $db->query("UPDATE users SET session = '".hash("sha512", $token)."' WHERE id = ".intval($row["id"])) or fatal($db->error); + $db->query("UPDATE users SET session = '".bulletin_hash($token)."' WHERE id = ".intval($row["id"])) or fatal($db->error); if ($db->affected_rows < 1) fatal("Could not sync with database."); $db->close(); setcookie($b_config['c_name'], intval($row["id"]).';'.$token, empty($_POST['remember']) ? 0 : (time()+$b_config['c_expire']), $b_config['c_path'], $b_config['c_dom'], $b_config['c_sec'], $b_config['c_http']); -- cgit v1.2.3