Denis Kobozev wrote: > Here's a patch with a script to salt passwords in the database. It > assumes that there already a Salt field in the Users table. Hopefully > it will integrated with Linas's patches. > > Linas, I think salted_hash() should not call md5() internally, > otherwise it's not very useful to the script. You can take a look at > the patch if I'm being ambiguous. > > Best, > Denis. >
My idea was to simply replicate the salted_hash() code in the script when writing it. Note that your patch is not incremental to mine, although it's another way to perform a scripty change. The functions changed are the previous ones, and I also took advantage of the opportunity of adding password salting for updating the hash to sha512. The query in addsalt() function should have a WHERE Salt IS NULL. That's nicer than checking it in php. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com