From 290c436046327d9f04b7d12b5fda19f4dc14f574 Mon Sep 17 00:00:00 2001
From: Denis
Date: Mon, 5 Apr 2010 09:41:30 -0400
Subject: Support for storing salted passwords
To upgrade existing databases: ALTER TABLE Users ADD Salt CHAR(32) NOT NULL DEFAULT '';
Signed-off-by: Loui Chang
---
 web/lib/aur.inc | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
(limited to 'web/lib/aur.inc')
diff --git a/web/lib/aur.inc b/web/lib/aur.inc
index e0521ab..8ccce89 100644
--- a/web/lib/aur.inc
+++ b/web/lib/aur.inc
@@ -455,3 +455,34 @@ function mkurl($append) {
 return substr($out, 5);
 }
+
+function get_salt($user_id)
+{
+ $dbh = db_connect();
+ $salt_q = "SELECT Salt FROM Users WHERE ID = '$user_id'";
+ $salt_result = mysql_fetch_row(db_query($salt_q, $dbh));
+ return $salt_result[0];
+}
+
+function save_salt($user_id, $passwd)
+{
+ $dbh = db_connect();
+ $salt = generate_salt();
+ $hash = salted_hash($passwd, $salt);
+ $salting_q = "UPDATE Users SET Salt = '$salt'" .
+ ", Passwd = '$hash' WHERE ID = '$user_id'";
+ return db_query($salting_q, $dbh);
+}
+
+function generate_salt()
+{
+ return md5(uniqid(rand(), true));
+}
+
+function salted_hash($passwd, $salt)
+{
+ if (strlen($salt) != 32) {
+ trigger_error('Salt does not look like an md5 hash', E_USER_WARNING);
+ }
+ return md5($salt . $passwd);
+}
-- 
cgit v1.2.3-54-g00ecf
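Review bot: salted_hash() still stores a single MD5 pass, `md5($salt . $passwd)`, so the per-user salt defeats precomputed tables but leaves each password cheap to guess offline if the Users table leaks. A deliberately slow, adaptive scheme fits better here: `crypt()` with a Blowfish (`$2a$`) salt on PHP versions that still ship the mysql_* functions this file uses, or `password_hash($passwd, PASSWORD_DEFAULT)` where available. Both embed their own salt, so the Passwd column would need room for the longer string (60 characters for bcrypt); its current width is not visible in this patch. Separately, get_salt() and save_salt() interpolate `$user_id` straight into the SQL text; unless every caller already passes a validated integer (callers are outside the hunk), cast it first, e.g. `$user_id = intval($user_id);`. salted_hash() also only warns when the salt is not 32 characters and then hashes anyway, so a row still holding the migration default `''` yields plain `md5($passwd)`; if that is meant as a legacy path it deserves an explicit branch and a comment.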