Rev 1106 | Rev 1116 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
Rev 1106 | Rev 1107 | ||
---|---|---|---|
Line 208... | Line 208... | ||
208 | } else { |
208 | } else { |
209 | $passwordDataArray = $cfgData; // Multiple Administrator passwords |
209 | $passwordDataArray = $cfgData; // Multiple Administrator passwords |
210 | } |
210 | } |
211 | 211 | ||
212 | foreach ($passwordDataArray as $passwordData) { |
212 | foreach ($passwordDataArray as $passwordData) { |
213 | if (strpos($passwordData, '$') !== false) { |
213 | if (str_starts_with($passwordData, '$')) { |
214 | if ($passwordData[0] == '$') { |
- | |
215 | // Version 3: BCrypt |
214 | // Version 3: BCrypt (or any other crypt) |
216 | if (password_verify($password, $passwordData)) return true; |
215 | $ok = password_verify($password, $passwordData); |
217 | } else { |
216 | } else if (strpos($passwordData, '$') !== false) { |
218 | // Version 2: SHA3-512 with salt |
217 | // Version 2: SHA3-512 with salt |
219 | list($s_salt, $hash) = explode('$', $passwordData, 2); |
218 | list($salt, $hash) = explode('$', $passwordData, 2); |
220 | } |
- | |
- | 219 | $ok = hash_equals(sha3_512($salt.$password, true), base64_decode($hash)); |
|
221 | } else { |
220 | } else { |
222 | // Version 1: SHA3-512 without salt |
221 | // Version 1: SHA3-512 without salt |
223 | $s_salt = ''; |
- | |
224 | $hash = $passwordData; |
222 | $ok = hash_equals(sha3_512($password, true), base64_decode($passwordData)); |
225 | } |
223 | } |
226 | - | ||
227 | if (hash_equals(sha3_512($s_salt.$password, true), base64_decode($hash))) return true; |
224 | if ($ok) return true; |
228 | } |
225 | } |
229 | 226 | ||
230 | return false; |
227 | return false; |
231 | } |
228 | } |
232 | 229 | ||
Line 357... | Line 354... | ||
357 | // Generate admin password |
354 | // Generate admin password |
358 | 355 | ||
359 | /* Nothing here; the admin password will be generated in setup_base.js , purely in the web-browser */ |
356 | /* Nothing here; the admin password will be generated in setup_base.js , purely in the web-browser */ |
360 | 357 | ||
361 | } |
358 | } |
362 | - |