Updated mysql auth to use PHPass #101

merged 5 commits into from Feb 26, 2014


None yet

2 participants

laf commented Feb 23, 2014

Mysql authentication will now use PHPass rather than relying on PHP's crypt function. It takes care of salting the password and validating against user input on the password itself.

An update is done to the mysql DB to increase the password length to 60 characters. A check is done for users logging in using the old format and the details are updated to the new encryption type.

028.sql is included to take care of the db schema change.

laf commented Feb 25, 2014

Thanks Paul.

I've updated line 54 to $output.

Not sure the check is relevant, both openssl and urandom generate the string at the length we want, the final fall back iterates until $output is the length of $count.

I've tried to keep this as simple as possible so that updates from PHPass at a later stage can be easily done.

@paulgear paulgear merged commit 997dc3d into librenms:master Feb 26, 2014

1 check passed

default Scrutinizer: No new issues
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment