Jump to content
Latest News: (loading..)

Search the Community

Showing results for tags 'password_funcs.php'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • News and Announcements
    • News and Announcements
    • Partner Announcements
    • Ambassadors
  • Commercial Support
    • Developer Feedback
  • osCommerce Online Merchant v2.x
    • General Support
    • Installation and Configuration
    • Upgrading from Earlier Versions (v2.x to v2.x)
    • Add-Ons
    • Tips and Tricks
    • Security
  • Development
    • osCommerce Online Merchant v2.4
    • osCommerce Online Merchant Community Bootstrap Edition
    • osCommerce Online Merchant v3.x
    • Development Proposals
  • General
    • OSCOMMERCE.TV
    • Next Steps / Optimizations / Marketing
    • Live Shop Reviews
    • E-Commerce Laws
    • General Discussions
    • PHP / SQL / Web Design
  • oscBooks and oscTemplates's Announcements
  • PayPal's Announcements
  • Sage Pay's Announcements
  • Solomono - new level osCommerce templates's Announcements
  • German Community's OSCOM v2.x
  • German Community's Allgemein
  • German Community's OSCOM v3.x

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Real Name


Location


Interests


Website


Skype

Found 1 result

  1. i just updated Phpass from 0.3 to 0.5 in /includes/classes/passwordhash.php http://www.openwall.com/phpass/ and changed in includes/functions/password_funcs.php in function tep_encrypt_password($plain) and in function tep_validate_password($plain, $encrypted) { this $hasher = new PasswordHash(10, true); to $hasher = new PasswordHash(10, false); i now have a 60 char blowfish hash output. before i had a 34 char hash in the database field. Is there a reason not to change it that way? i think the passwords are encrypted with a stronger hash function that way and it should be php5.3+ compatible. account creation, change password and reset password seems to work just fine. and as someone asked about max length of password in Oscommerce Discord Chat. Is there a password length limit? i dont think so. Should there be a limit? (see https://sunnysingh.io/blog/secure-passwords ) "Passwords should never be longer than 72 characters to prevent DoS attacks". Regards, Stephan
×