Fixes #3641 Explicit SHA encoding of tokens to avoid ppolicy messing with it

8a5435c5 · Côme Bernigaud · Benoit Mortier · 6c0b290c · 8a5435c5
Commit 8a5435c5 authored 10 years ago by Côme Bernigaud Committed by Benoit Mortier 10 years ago
Hide whitespace changes
Inline Side-by-side

Showing

with 2 additions and 2 deletions
+2 -2
--- a/html/class_passwordRecovery.inc
+++ b/html/class_passwordRecovery.inc
@@ -334,7 +334,7 @@ class passwordRecovery {
  {
    /* Store it in ldap with the salt */
    $salt_temp_password = $this->salt.$temp_password.$this->salt;
-    $sha1_temp_password = sha1($salt_temp_password);
+    $sha1_temp_password = "{SHA}".base64_encode(pack("H*", sha1($salt_temp_password)));
    $ldap = $this->config->get_ldap_link();
@@ -380,7 +380,7 @@ class passwordRecovery {
  function checkToken($token)
  {
    $salt_token = $this->salt.$token.$this->salt;
-    $sha1_token = sha1($salt_token);
+    $sha1_token = "{SHA}".base64_encode(pack("H*", sha1($salt_token)));
    /* Retrieve hash from the ldap */
    $ldap = $this->config->get_ldap_link();