free
/
freedombone
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Blog password hashing

Bob Mottram 9 years ago
parent
490dcdac4a
commit
d9795a2c3a
2 changed files with 14 additions and 4 deletions
Split View Show Diff Stats
  1. 7
    2
      src/freedombone
  2. 7
    2
      src/freedombone-adduser

+ 7
- 2
src/freedombone View File 

@@ -8074,9 +8074,14 @@ function install_blog {
8074 8074 
 	fi
8075 8075
8076 8076 
 	# create a user
8077 
+	FULLBLOG_ADMIN_PASSWORD_HASH=$(freedombone-sec --bloghash "$FULLBLOG_ADMIN_PASSWORD")
8078 
+	if [ ${#FULLBLOG_ADMIN_PASSWORD_HASH} -lt 8 ]; then
8079 
+		echo $'Blog admin password could not be hashed'
8080 
+		exit 625728
8081 
+	fi
8077 8082 
 	echo ';Password' > /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
8078 
-	echo "password = '$FULLBLOG_ADMIN_PASSWORD'" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
8079 
-	echo 'encryption = clear' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
8083 
+	echo "password = '$FULLBLOG_ADMIN_PASSWORD_HASH'" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
8084 
+	echo 'encryption = bcrypt' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
8080 8085 
 	echo ';Role' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
8081 8086 
 	echo 'role = admin' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
8082 8087

+ 7
- 2
src/freedombone-adduser View File 

@@ -247,9 +247,14 @@ if grep -q "Blog domain" $COMPLETION_FILE; then
247 247 
 		userdel -r $MY_USERNAME
248 248 
 		exit 9
249 249 
 	fi
250 
+	NEW_USER_PASSWORD_HASH=$(freedombone-sec --bloghash "$NEW_USER_PASSWORD")
251 
+	if [ ${#NEW_USER_PASSWORD_HASH} -lt 8 ]; then
252 
+		echo $'Blog admin password could not be hashed'
253 
+		exit 783528
254 
+	fi
250 255 
 	echo ';Password' > /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
251 
-	echo "password = '$NEW_USER_PASSWORD'" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
252 
-	echo 'encryption = clear' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
256 
+	echo "password = '$NEW_USER_PASSWORD_HASH'" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
257 
+	echo 'encryption = bcrypt' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
253 258 
 	echo ';Role' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
254 259 
 	echo 'role = admin' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
255 260 
 	echo "$MY_USERNAME added as a blog user"