Use Argon2 instead of bcrypt
Passwords currently stored under bcrypt are not automatically converted. Argon2 is only used for new passwords from this moment on.
parent
7b86673590
commit
6a1be5ac2f
|
@ -9,7 +9,7 @@ This tool regularly checks if people are still alive according to Wikipedia, and
|
|||
|
||||
## Development
|
||||
### Requirements
|
||||
* PHP 8.1+ (i.e. `apt install php php-cgi`)
|
||||
* PHP 8.1+ (i.e. `apt install php php-cgi`) (compiled with Argon2 support)
|
||||
* [PHP cURL](https://www.php.net/manual/en/book.curl.php) (i.e. `apt install php-curl`)
|
||||
* [PHP DOM](https://www.php.net/manual/en/book.dom.php) (i.e. `apt install php-dom`)
|
||||
* [PHP SQLite 3](https://www.php.net/manual/en/book.sqlite3.php) (i.e. `apt install php-sqlite3`)
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
"name": "fwdekker/death-notifier",
|
||||
"description": "Get notified when a famous person dies.",
|
||||
"version": "1.1.2", "_comment_version": "Also update version in `package.json`!",
|
||||
"version": "1.2.0", "_comment_version": "Also update version in `package.json`!",
|
||||
"type": "project",
|
||||
"license": "MIT",
|
||||
"homepage": "https://git.fwdekker.com/tools/death-notifier",
|
||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "death-notifier",
|
||||
"version": "1.1.2", "_comment_version": "Also update version in `composer.json`!",
|
||||
"version": "1.2.0", "_comment_version": "Also update version in `composer.json`!",
|
||||
"description": "Get notified when a famous person dies.",
|
||||
"author": "Florine W. Dekker",
|
||||
"browser": "dist/bundle.js",
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
;<?php exit(); ?>
|
||||
|
||||
[admin]
|
||||
# bcrypt hash of password to use the CLI of `api.php`. If set to its default value, or if empty, the CLI is disabled.
|
||||
# PHC formatted hash of password to use the CLI of `api.php`. If set to its default value, or if empty, the CLI is
|
||||
# disabled.
|
||||
cli_password = REPLACE THIS WITH A SECRET VALUE
|
||||
|
||||
[database]
|
||||
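Review bot: The reworded comment above `cli_password` says only "PHC formatted hash" and no longer names an algorithm, so an operator reading this file cannot tell what to generate or whether an existing bcrypt value stays valid. If the CLI check goes through `password_verify` (not visible in this section), both bcrypt and Argon2 hashes would be accepted, and the comment could say so, e.g. `# Hash as produced by PHP's password_hash() (Argon2id recommended; existing bcrypt hashes are presumably still accepted).` It may also be worth stating in the comment that the placeholder value is not a valid hash and therefore leaves the CLI disabled.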
|
|
|
@ -104,7 +104,7 @@ class UserList
|
|||
VALUES (:email, :password)
|
||||
RETURNING email_verification_token;");
|
||||
$stmt->bindValue(":email", $email);
|
||||
$stmt->bindValue(":password", password_hash($password, PASSWORD_BCRYPT));
|
||||
$stmt->bindValue(":password", password_hash($password, PASSWORD_ARGON2ID));
|
||||
$stmt->execute();
|
||||
return $stmt->fetchAll(PDO::FETCH_ASSOC)[0]["email_verification_token"];
|
||||
}
|
||||
|
@ -270,7 +270,7 @@ class UserList
|
|||
password_reset_token=null
|
||||
WHERE uuid=:uuid;");
|
||||
$stmt->bindValue(":uuid", $uuid);
|
||||
$stmt->bindValue(":password", password_hash($password, PASSWORD_BCRYPT));
|
||||
$stmt->bindValue(":password", password_hash($password, PASSWORD_ARGON2ID));
|
||||
$stmt->execute();
|
||||
}
|
||||
|
||||
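Review bot: `PASSWORD_ARGON2ID` is now referenced at both `password_hash` calls (the insert near line 104 and the update near line 270), and that constant exists only when PHP has Argon2 support, so on a build without it the failure would surface as an undefined-constant `Error` at the moment a user registers or changes a password rather than at deployment. A guard at startup or install time would make this explicit, for example `if (!defined('PASSWORD_ARGON2ID')) throw new RuntimeException('PHP was built without Argon2id support');`. The algorithm is also hard-coded twice; a single class constant such as `private const HASH_ALGO = PASSWORD_ARGON2ID;` keeps the two sites from drifting on the next change. The verification path is not part of this section, but a `password_needs_rehash($hash, PASSWORD_ARGON2ID)` check after a successful `password_verify` is the usual way to keep older hashes from staying on the weaker setting indefinitely. Both method bodies start outside the hunks shown.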
|
|