From 9304bf1539266416e7827164186bb5d093fbe7e9 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Mon, 17 Nov 2014 14:11:37 +0100 Subject: [PATCH] Remove phpass See https://github.com/owncloud/core/pull/12226 --- lib/file.php | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/lib/file.php b/lib/file.php index c3f4b42f..74c8964e 100644 --- a/lib/file.php +++ b/lib/file.php @@ -105,16 +105,26 @@ class File { } // Check Password - $forcePortable = (CRYPT_BLOWFISH != 1); - $hasher = new \PasswordHash(8, $forcePortable); - if ( - $hasher->CheckPassword( - $password.\OC_Config::getValue('passwordsalt', ''), - $this->getPassword() - ) - ) { - // Save item id in session for future request + $newHash = ''; + if(\OC::$server->getHasher()->verify($password, $this->getPassword(), $newHash)) { \OC::$server->getSession()->set('public_link_authenticated', $shareId); + + /** + * FIXME: Migrate old hashes to new hash format + * Due to the fact that there is no reasonable functionality to update the password + * of an existing share no migration is yet performed there. + * The only possibility is to update the existing share which will result in a new + * share ID and is a major hack. + * + * In the future the migration should be performed once there is a proper method + * to update the share's password. (for example `$share->updatePassword($password)` + * + * @link https://github.com/owncloud/core/issues/10671 + */ + if(!empty($newHash)) { + + } + return true; } return false;