From 1d67f33b3b62cc28d0a9845fb22776ce33adfdaa Mon Sep 17 00:00:00 2001
From: Evan Prodromou <evan@prodromou.name>
Date: Wed, 18 Jun 2008 17:14:54 -0400
Subject: switch password and id in munge_password

I think this is the less effective way to salt a password, BUT...
I had a big bug in my code! All the code that was calling this
function got the order of the params mixed up. So, to save heartache,
I just reversed the order of the parameters, and reversed how the were
used in the function. It should be functionally the same as before,
but better documented.

darcs-hash:20080618211454-84dde-4772135cc92f2a51faa072e4470da3c628e1510c.gz
---
 lib/util.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'lib')

diff --git a/lib/util.php b/lib/util.php
index f34a10c5b..eb019ac7e 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -366,8 +366,8 @@ function common_textarea($id, $label, $content=NULL, $instructions=NULL) {
 
 # salted, hashed passwords are stored in the DB
 
-function common_munge_password($id, $password) {
-	return md5($id . $password);
+function common_munge_password($password, $id) {
+	return md5($password . $id);
 }
 
 # check if a username exists and has matching password
-- 
cgit v1.2.3-54-g00ecf