Fix plain text in user authentication -- part 2.

Christos Choutouridis 2026-01-11 21:06:49 +02:00
parent c06e1bd64b
commit a4f839bfc5


@ -37,8 +37,17 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
$login_message = "Database error (prepare failed)."; $login_message = "Database error (prepare failed).";
$result = false; $result = false;
} else { } else {
$stmt->bind_param("ss", $new_username, $new_password); // Hash the password before storing it.
$result = $stmt->execute(); // Never store login passwords in plaintext.
$password_hash = password_hash($new_password, PASSWORD_DEFAULT);
if ($password_hash === false) {
$login_message = "Password hashing failed.";
$result = false;
} else {
// Store the hash (not the plaintext password).
$stmt->bind_param("ss", $new_username, $password_hash);
$result = $stmt->execute();
}
$stmt->close(); $stmt->close();
} }
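Review bot: The `$password_hash === false` branch added after the password_hash() call is unreachable on PHP 8.0+, where password_hash() throws a ValueError instead of returning false, so a hashing failure there would surface as an uncaught exception rather than the "Password hashing failed." message; if PHP 8 is the target, either catch `ValueError` around the call or drop the branch, and if PHP 7 must still be supported, a comment such as `// password_hash() returns false only on PHP < 8; PHP 8 throws ValueError instead` would record why the check exists. The bound value is now a hash of up to 60 characters for bcrypt and longer for other PASSWORD_DEFAULT algorithms, so the column the statement writes to must be wide enough (a `VARCHAR(255)` is the usual recommendation); the schema is not in this hunk, so this is worth confirming. The enclosing `if ($_SERVER["REQUEST_METHOD"] === "POST")` block begins before the hunk.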