From 4640e1941bf79d0862dccfa6fe2fc51b199cde01 Mon Sep 17 00:00:00 2001
From: hifihedgehog <16614343+hifihedgehog@users.noreply.github.com>
Date: Wed, 31 Jul 2019 15:46:44 -0400
Subject: [PATCH] Increased cost/rounds to 12 for enhanced security

---
 plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php b/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php
index 031aef08a..150ed5edb 100644
--- a/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php
+++ b/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php
@@ -108,7 +108,7 @@ class ChangePasswordCyberPanel implements \RainLoop\Providers\ChangePassword\Cha
 			$password_check = mysqli_fetch_assoc($result);
             
 			if (password_verify($sPrevPassword, substr($password_check['password'], 7))) {
-				$hashed_password = mysqli_real_escape_string($db, '{CRYPT}'.password_hash($sNewPassword, PASSWORD_BCRYPT));
+				$hashed_password = mysqli_real_escape_string($db, '{CRYPT}'.password_hash($sNewPassword, PASSWORD_BCRYPT, ['cost' => 12,]));
 				$password_update_query = "UPDATE e_users SET password = '$hashed_password' WHERE emailOwner_id = '$sEmailDomain' AND email = '$sEmail'";
 				mysqli_query($db, $password_update_query);
 				$bResult = true;