* [ADD] Switched to BCRYPT for hashing passwords and key derivation. …

…WARNING: Master password should be reentered by users (you can use a temporary password) * [MOD] Some tweaks on forms passwords decryption * [FIX] Fixed issue when blank custom fields are retrieved for an item.
nuxsmin · Sep 30, 2015 · ac5ec0e · ac5ec0e
1 parent 55bd64e
commit ac5ec0e
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 5 deletions.
diff --git a/inc/Upgrade.class.php b/inc/Upgrade.class.php
@@ -119,7 +119,7 @@ private static function upgradeTo($version)
                 break;
             case 12002:
                 $queries[] = 'ALTER TABLE config CHANGE config_value config_value VARCHAR(255);';
-                $queries[] = 'ALTER TABLE usrData CHANGE user_pass user_pass VARBINARY(128);';
+                $queries[] = 'ALTER TABLE usrData CHANGE user_pass user_pass VARBINARY(255);';
                 $queries[] = 'ALTER TABLE usrData CHANGE user_hashSalt user_hashSalt VARBINARY(128);';
                 $queries[] = 'ALTER TABLE accHistory CHANGE acchistory_mPassHash acchistory_mPassHash VARBINARY(255);';
                 break;

diff --git a/inc/dbstructure.sql b/inc/dbstructure.sql
@@ -50,7 +50,7 @@ CREATE TABLE `accHistory` (
   `acchistory_dateEdit` datetime NOT NULL,
   `acchistory_isModify` bit(1) DEFAULT NULL,
   `acchistory_isDeleted` bit(1) DEFAULT NULL,
-  `acchistory_mPassHash` varbinary(128) NOT NULL,
+  `acchistory_mPassHash` varbinary(255) NOT NULL,
   `accHistory_otherUserEdit` bit(1) DEFAULT b'0',
   `accHistory_otherGroupEdit` bit(1) DEFAULT b'0',
   PRIMARY KEY (`acchistory_id`),
@@ -123,7 +123,7 @@ CREATE TABLE `categories` (
 
 CREATE TABLE `config` (
   `config_parameter` varchar(50) CHARACTER SET utf8 COLLATE utf8_spanish_ci NOT NULL,
-  `config_value` varchar(128) CHARACTER SET utf8 COLLATE utf8_spanish_ci NOT NULL,
+  `config_value` varchar(255) CHARACTER SET utf8 COLLATE utf8_spanish_ci NOT NULL,
   UNIQUE KEY `vacParameter` (`config_parameter`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
@@ -189,7 +189,7 @@ CREATE TABLE `usrData` (
   `user_isAdminAcc` bit(1) NOT NULL DEFAULT b'0',
   `user_isLdap` bit(1) NOT NULL DEFAULT b'0',
   `user_isDisabled` bit(1) NOT NULL DEFAULT b'0',
-  `user_hashSalt` varbinary(40) NOT NULL,
+  `user_hashSalt` varbinary(128) NOT NULL,
   `user_isMigrate` bit(1) DEFAULT b'0',
   `user_isChangePass` bit(1) DEFAULT b'0',
   `user_preferences` blob,

diff --git a/sql/upgrade.sql b/sql/upgrade.sql
@@ -38,6 +38,6 @@ CREATE TABLE `customFieldsDef` (`customfielddef_id` int(10) unsigned NOT NULL AU
 CREATE TABLE `customFieldsData` (`customfielddata_id` int(10) unsigned NOT NULL AUTO_INCREMENT,`customfielddata_moduleId` smallint(5) unsigned NOT NULL,`customfielddata_itemId` int(10) unsigned NOT NULL,`customfielddata_defId` int(10) unsigned NOT NULL,`customfielddata_data` longblob,`customfielddata_iv` varbinary(128) DEFAULT NULL, PRIMARY KEY (`customfielddata_id`), KEY `IDX_DEFID` (`customfielddata_defId`), KEY `IDX_DELETE` (`customfielddata_itemId`,`customfielddata_moduleId`), KEY `IDX_UPDATE` (`customfielddata_moduleId`,`customfielddata_itemId`,`customfielddata_defId`), KEY `IDX_ITEM` (`customfielddata_itemId`), KEY `IDX_MODULE` (`customfielddata_moduleId`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 -- To 1.2.0.2
 ALTER TABLE config CHANGE config_value config_value VARCHAR(255);
-ALTER TABLE usrData CHANGE user_pass user_pass VARBINARY(128);
+ALTER TABLE usrData CHANGE user_pass user_pass VARBINARY(255);
 ALTER TABLE usrData CHANGE user_hashSalt user_hashSalt VARBINARY(128);
 ALTER TABLE accHistory CHANGE acchistory_mPassHash acchistory_mPassHash VARBINARY(255);