githubFork/roundcubemail.git - Solinfo Gitblit

githubFork / roundcubemail

Roundcubemail devel

blame | history | patch | commit | commitdiff | ignore whitespace

Fix generation of Blowfish-based password hashes (#1490184)

Aleksander Machniak

2014-12-09 753c8849accbbe0cb3ebef01e8b3e2ff3481a336

 plugins/password/drivers/sql.php

@@ -34,8 +34,9 @@
            $db = $rcmail->get_dbh();
        }

        if ($err = $db->is_error())
        if ($db->is_error()) {
            return PASSWORD_ERROR;
        }

        // crypted password
        if (strpos($sql, '%c') !== FALSE) {
@@ -59,8 +60,10 @@
                $len = 2;
                break;
            case 'blowfish':
                $len = 22;
                $salt_hashindicator = '$2a$';
                $cost = (int) $rcmail->config->get('password_blowfish_cost');
                $cost = $cost < 4 || $cost > 31 ? 12 : $cost;
                $len  = 22;
                $salt_hashindicator = sprintf('$2a$%02d$', $cost);
                break;
            case 'sha256':
                $len = 16;
@@ -183,8 +186,8 @@
        $res = $db->query($sql, $sql_vars);

        if (!$db->is_error()) {
            if (strtolower(substr(trim($query),0,6))=='select') {
                if ($result = $db->fetch_array($res))
            if (strtolower(substr(trim($sql),0,6)) == 'select') {
                if ($db->fetch_array($res))
                    return PASSWORD_SUCCESS;
            } else {
                // This is the good case: 1 row updated