Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
Wolfgang Knopki
simplesamlphp_sqlauthbcrypt
Commits
afc9f4da
Commit
afc9f4da
authored
Apr 25, 2013
by
chris.lewis
Browse files
removed separate salt. Salt is contained inside the main hash
parent
19cb2f94
Changes
1
Hide whitespace changes
Inline
Side-by-side
lib/Auth/Source/SQL.php
View file @
afc9f4da
...
...
@@ -52,13 +52,6 @@ class sspmod_sqlauthBcrypt_Auth_Source_SQL extends sspmod_core_Auth_UserPassBase
*/
private
$hash_column
;
/**
* The column holding the password salt.
*/
private
$salt_column
;
/**
* Constructor for this authentication source.
*
...
...
@@ -93,7 +86,6 @@ class sspmod_sqlauthBcrypt_Auth_Source_SQL extends sspmod_core_Auth_UserPassBase
$this
->
query
=
$config
[
'query'
];
$this
->
pepper
=
$config
[
'pepper'
];
$this
->
hash_column
=
$config
[
'hash_column'
];
$this
->
salt_column
=
$config
[
'salt_column'
];
}
...
...
@@ -184,9 +176,8 @@ class sspmod_sqlauthBcrypt_Auth_Source_SQL extends sspmod_core_Auth_UserPassBase
/* Validate stored password hash (must be in first row of resultset) */
$password_hash
=
$data
[
0
][
$this
->
hash_column
];
$password_salt
=
$data
[
0
][
$this
->
salt_column
];
if
(
$password_hash
!==
crypt
(
$password
.
$this
->
pepper
,
$password_
salt
))
{
if
(
$password_hash
!==
crypt
(
$password
.
$this
->
pepper
,
$password_
hash
))
{
/* Invalid password */
SimpleSAML_Logger
::
error
(
'sqlauthBcrypt:'
.
$this
->
authId
.
': Hash does not match. Wrong password or sqlauthBcrypt is misconfigured.'
);
...
...
@@ -205,8 +196,8 @@ class sspmod_sqlauthBcrypt_Auth_Source_SQL extends sspmod_core_Auth_UserPassBase
continue
;
}
if
(
$name
===
$this
->
hash_column
||
$name
===
$this
->
salt_column
)
{
/* Don't add password hash
and salt
to attributes */
if
(
$name
===
$this
->
hash_column
)
{
/* Don't add password hash to attributes */
continue
;
}
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment