Fix: do no and never store an unhashed password! never!
auge8472 committed May 20, 2018
1 parent c32b054 commit 05aedc5
Showing 1 changed file with 2 additions and 1 deletion.
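--- a/install/index.php
+++ b/install/index.php
@@ -134,7 +134,8 @@
 $errors[] = 'It was impossible to create the settings table. Please report the error to the project maintainer.';
 $errors[] = mysqli_error($conn);
 } else {
-$qPutSettings = "INSERT INTO remGPC_Settings VALUES ('datasets_per_page', ". intval($op_entries_pp) .", 'number'), ('user', '". mysqli_real_escape_string($conn, $usr_name) ."', 'text'), ('pass', '". mysqli_real_escape_string($conn, $usr_pass) ."', 'password'), ('textarea_x', 45, 'number'), ('textarea_y', 14, 'number')";
+$usr_passc = password_hash($usr_pass, PASSWORD_DEFAULT, array('cost' => 12));
+$qPutSettings = "INSERT INTO remGPC_Settings VALUES ('datasets_per_page', ". intval($op_entries_pp) .", 'number'), ('user', '". mysqli_real_escape_string($conn, $usr_name) ."', 'text'), ('pass', '". mysqli_real_escape_string($conn, $usr_passc) ."', 'password'), ('textarea_x', 45, 'number'), ('textarea_y', 14, 'number')";
 $rPutSettings = dBase_Ask_Database($qPutSettings, $conn);
 if ($rPutSettings === false) {
 $errors[] = 'Could not write the settings to the database table.';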
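Review bot: The result of `password_hash()` on the new `$usr_passc` line goes straight into the INSERT without a check; on PHP versions where the function returns `false` on failure, `mysqli_real_escape_string()` would turn that into an empty string and the `pass` row would be written empty. A guard such as `if ($usr_passc === false) { $errors[] = 'Could not hash the password.'; }` before `$qPutSettings` is built, with the INSERT skipped in that case, keeps the installer from reporting success. The `cost` option belongs to bcrypt, so `PASSWORD_BCRYPT` states the intent more exactly than `PASSWORD_DEFAULT`, whose algorithm may change in a later PHP release. Not visible in this hunk and worth confirming: that the settings value column is wide enough for the hash (PHP's documentation recommends 255 characters for `PASSWORD_DEFAULT`) and that the login code compares with `password_verify()`; the page shows only the installer being changed, so databases created before this commit presumably still hold the plaintext value. The enclosing `else` branch starts and ends outside the hunk.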
