Commit b5c5ac04 authored by Leigh B. Stoller's avatar Leigh B. Stoller
Browse files

Do not use last encoding as the new salt when changing the password.

The practical effect was that new passwords were still using the
ancient crypt algorithm, while new users were getting modern crypt.
parent 2c7b6c7a
......@@ -437,6 +437,12 @@ if ((isset($password1) && strcmp($password1, "")) &&
return;
}
#
# Do it again. This ensures we use the current algorithm, not whatever
# it was encoded with last time.
#
$new_encoding = crypt("$password1");
#
# Insert into database. When changing password for someone else,
# always set the expiration to right now so that the target user
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment