Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
Posted September 16, 20159 yr Is this still true? $hash = md5( md5( $salt ) . md5( $password ) ); Source
September 16, 20159 yr No. /** * Encrypt a plaintext password * * @param string $password Password to encrypt * @return string Encrypted password * @todo [Future] When we increase minimum PHP version, adjust blowfish to $2y$ */ public function encryptedPassword( $password ) { /* New password style introduced in IPS4 using Blowfish */ if ( mb_strlen( $this->members_pass_salt ) === 22 ) { return crypt( $password, '$2a$13$' . $this->members_pass_salt ); } /* Old encryption style using md5 */ else { return md5( md5( $this->members_pass_salt ) . md5( \IPS\Request::legacyEscape( $password ) ) ); } }
Archived
This topic is now archived and is closed to further replies.