Flint
Check-in [639060f344]
Not logged in

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Add missing where clause to hash update
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1:639060f34429d2e97374588e3ab063de3920f052
User & Date: james 2012-07-08 04:03:10
Context
2012-07-14
17:25
Code still expects password and salt fields to exist check-in: b31d6dbef3 user: james tags: trunk
2012-07-08
04:03
Add missing where clause to hash update check-in: 639060f344 user: james tags: trunk
03:45
Switch to bcrypt for password hashing and provide password migration check-in: ebb06e3403 user: james tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to nano/session.php.

105
106
107
108
109
110
111
112

113
114



115
116
117
118
119
120
121
            if ($verify) {
                if (empty($result['hash'])) {
                    $hash = crypt($password, self::generateSalt());

                    $sql = "UPDATE users
                               SET password = '',
                                   salt     = '',
                                   hash     = :hash";


                    $bind = array('hash' => $hash);




                    Nano_Db::execute($sql, $bind);
                }

                $sql = "REPLACE INTO sessions
                                (user_id, session_id, session_date)
                         VALUES (:user, :session, datetime('now'))";







|
>

<
>
>
>







105
106
107
108
109
110
111
112
113
114

115
116
117
118
119
120
121
122
123
124
            if ($verify) {
                if (empty($result['hash'])) {
                    $hash = crypt($password, self::generateSalt());

                    $sql = "UPDATE users
                               SET password = '',
                                   salt     = '',
                                   hash     = :hash
                             WHERE id = :id";


                    $bind         = array();
                    $bind['hash'] = $hash;
                    $bind['id']   = $result['id'];

                    Nano_Db::execute($sql, $bind);
                }

                $sql = "REPLACE INTO sessions
                                (user_id, session_id, session_date)
                         VALUES (:user, :session, datetime('now'))";