Details

      Description

      Looking in phpbb/auth/provider/db.php it does a lot of things manually with the password such as hashing and converting when needed. All that functionality can be deprecated with the use of https://github.com/ircmaxell/password_compat which is a compatibility library which implements PHP 5.5's new password_* functions. See http://ca1.php.net/manual/en/book.password.php The library should be conditionally included if the core functions are not available.

      This should be the preferred way of handling user passwords in a secure and future proof way.

        Attachments

          Activity

            People

            • Assignee:
              bantu Andreas Fischer
              Reporter:
              joelk2 joelk2 [X] (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: