Changeset:
63694681b1aa
https://sourceforge.net/p/mrbs/hg-code/ci/63694681b1aa118ed271951d2b8487dd6edf8cce
Author:
Campbell Morrison <[email protected]>
Date:
Thu Oct 01 16:28:45 2015 +0100
Log message:
Added some error handling to cover the case when a database has been migrated
from a PHP system where crypt() works to one where it doesn't (Unlikely to
hapen except during development testing).
diffstat:
web/auth/auth_db.inc | 11 +++++++++++
1 files changed, 11 insertions(+), 0 deletions(-)
diffs (21 lines):
diff -r d64c4a54c3a7 -r 63694681b1aa web/auth/auth_db.inc
--- a/web/auth/auth_db.inc Thu Oct 01 15:11:47 2015 +0100
+++ b/web/auth/auth_db.inc Thu Oct 01 16:28:45 2015 +0100
@@ -70,6 +70,17 @@
$do_rehash = true;
}
}
+ elseif (!PasswordCompat\binary\check())
+ {
+ // password_verify() failed and we are using a version of PHP where
+ // crypt() is broken and so we are stuck, unable to verify the
+ // password. What has probably happened is that the passwords were
+ // created on a system running PHP >= 5.3.7 and since then the database
+ // was migrated to a system running PHP < 5.3.7. For further details
+ // see
http://stackoverflow.com/questions/12459896/password-compat-for-older-php-version
+ trigger_error("Password created in a newer version of PHP and cannot be
checked in this version",
+ E_USER_WARNING);
+ }
}
/* Otherwise it's a legacy MD5 hash */
else
------------------------------------------------------------------------------
_______________________________________________
Mrbs-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mrbs-commits
