Dereku/snappymail
1
0
Fork 0
mirror of https://github.com/the-djmaze/snappymail.git synced 2026-06-27 08:46:44 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Increased cost/rounds to 12 for enhanced security

Browse source
This commit is contained in:
hifihedgehog 2019-07-31 15:46:44 -04:00 committed by GitHub
parent d75641c367
commit 4640e1941b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php
View file

@ -108,7 +108,7 @@ class ChangePasswordCyberPanel implements \RainLoop\Providers\ChangePassword\Cha
$password_check = mysqli_fetch_assoc($result);
if (password_verify($sPrevPassword, substr($password_check['password'], 7))) {
$hashed_password = mysqli_real_escape_string($db, '{CRYPT}'.password_hash($sNewPassword, PASSWORD_BCRYPT));
$hashed_password = mysqli_real_escape_string($db, '{CRYPT}'.password_hash($sNewPassword, PASSWORD_BCRYPT, ['cost' => 12,]));
$password_update_query = "UPDATE e_users SET password = '$hashed_password' WHERE emailOwner_id = '$sEmailDomain' AND email = '$sEmail'";
mysqli_query($db, $password_update_query);
$bResult = true;