Denis Kobozev wrote:
Here's a patch with a script to salt passwords in the database. It assumes that there already a Salt field in the Users table. Hopefully it will integrated with Linas's patches.
Linas, I think salted_hash() should not call md5() internally, otherwise it's not very useful to the script. You can take a look at the patch if I'm being ambiguous.
Best, Denis.
My idea was to simply replicate the salted_hash() code in the script when writing it. Note that your patch is not incremental to mine, although it's another way to perform a scripty change. The functions changed are the previous ones, and I also took advantage of the opportunity of adding password salting for updating the hash to sha512. The query in addsalt() function should have a WHERE Salt IS NULL. That's nicer than checking it in php. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com