http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8753 --- Comment #28 from Chris Cormack <chris@bigballofwax.co.nz> --- Comment on attachment 24781 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=24781 Bug 8753 - Add forgot password link to OPAC Review of attachment 24781: --> (http://bugs.koha-community.org/bugzilla3/page.cgi?id=splinter.html&bug=8753&attachment=24781) ----------------------------------------------------------------- ::: opac/opac-password-recovery.pl @@ +135,5 @@
+ if ( ($borrower_number) + && ( $password eq $repeatPassword ) + && ( length($password) >= $minPassLength ) ) + { #apply changes + changepassword( $username, $borrower_number, md5_base64($password) );
We no longer md5 hash the password in Koha, you should do use Koha::AuthUtils; hash_password($password) instead. (It's using bcrypt with a salt). Old passwords still work, we check both, but anytime people change their password it should be hashed with the much more secure bcrypt -- You are receiving this mail because: You are watching all bug changes.