[Koha-bugs] [Bug 8753] Add forgot password link to OPAC
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Jan 28 00:20:32 CET 2014
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8753
--- Comment #28 from Chris Cormack <chris at bigballofwax.co.nz> ---
Comment on attachment 24781
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=24781
Bug 8753 - Add forgot password link to OPAC
Review of attachment 24781:
--> (http://bugs.koha-community.org/bugzilla3/page.cgi?id=splinter.html&bug=8753&attachment=24781)
-----------------------------------------------------------------
::: opac/opac-password-recovery.pl
@@ +135,5 @@
> + if ( ($borrower_number)
> + && ( $password eq $repeatPassword )
> + && ( length($password) >= $minPassLength ) )
> + { #apply changes
> + changepassword( $username, $borrower_number, md5_base64($password) );
We no longer md5 hash the password in Koha, you should do
use Koha::AuthUtils;
hash_password($password) instead.
(It's using bcrypt with a salt). Old passwords still work, we check both, but
anytime people change their password it should be hashed with the much more
secure bcrypt
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list