
Create a hook to change the password generation algorithm

Open Aldus83 opened this issue 7 years ago • 0 comments

Currently we are using a standard MD5 / salt algorithm to store passwords. It would be good to let the user choose a personal algorithm in his modules, to open the way to different, customizable encryption methods.

https://github.com/quantacms/quanta/blob/da54fd0a03da729c8af788124bae926f8bcafecb/src/modules/user/classes/Common/UserFactory.class.php#L250

  1. Pass the $env variable to the passwordEncrypt() method, wherever it's called (so it will look like passwordEncrypt($env, $pass)).

  2. Create a hook function that will allow other modules to change the default algorithm, so it will look something like this:

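```php
// Inside passwordEncrypt($env, $pass): let modules supply their own hash.
$vars = array('string' => $pass);
// Call-time pass-by-reference (&$vars) is a fatal error since PHP 5.4;
// hook() itself must declare the parameter by reference.
$env->hook('passwordEncrypt', $vars);
if (!isset($vars['encrypted_string'])) {
  // No module answered: fall back to the current default algorithm.
  $encrypted_string = substr((md5(substr($pass, 0, 5) . 'ABC' . substr($pass, 5, 2) . 'nginE')) . md5($pass), 0, 50);
}
else {
  $encrypted_string = $vars['encrypted_string'];
}
return $encrypted_string;
```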

Aldus83, Nov 13 '18 10:11
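An added example, not part of the issue or of Quanta's code: a module using the proposed hook to switch to PHP's `password_hash()`. Salted hashes cannot be checked by hashing again and comparing, so the sketch pairs the hook with a verification hook and keeps already stored hashes working. `DemoEnv`, `on()`, `legacyHash()`, the `passwordVerify` hook and the `stored` / `valid` keys are assumptions made for illustration.

```php
<?php
// Stand-in for Quanta's $env (assumption): hook() hands $vars to each
// registered callback by reference so a callback can fill in a result.
class DemoEnv {
    private $callbacks = array();
    public function on($hook, callable $fn) { $this->callbacks[$hook][] = $fn; }
    public function hook($hook, array &$vars) {
        $fns = isset($this->callbacks[$hook]) ? $this->callbacks[$hook] : array();
        foreach ($fns as $fn) { $fn($this, $vars); }
    }
}
// The default algorithm quoted in the issue, unchanged.
function legacyHash($pass) {
    return substr(md5(substr($pass, 0, 5) . 'ABC' . substr($pass, 5, 2) . 'nginE') . md5($pass), 0, 50);
}

function passwordEncrypt($env, $pass) {
    $vars = array('string' => $pass);
    $env->hook('passwordEncrypt', $vars);
    return isset($vars['encrypted_string']) ? $vars['encrypted_string'] : legacyHash($pass);
}

// Hypothetical companion hook: lets a module decide how a login is checked.
function passwordVerify($env, $pass, $stored) {
    $vars = array('string' => $pass, 'stored' => $stored);
    $env->hook('passwordVerify', $vars);
    if (isset($vars['valid'])) { return $vars['valid']; }
    return hash_equals($stored, legacyHash($pass)); // constant-time comparison
}

// A module switching newly set passwords to password_hash().
$env = new DemoEnv();
$env->on('passwordEncrypt', function ($env, array &$vars) {
    $vars['encrypted_string'] = password_hash($vars['string'], PASSWORD_DEFAULT);
});
$env->on('passwordVerify', function ($env, array &$vars) {
    // Hashes stored before the switch are not password_hash() output:
    // leave 'valid' unset so the legacy comparison handles them.
    if (password_get_info($vars['stored'])['algoName'] !== 'unknown') {
        $vars['valid'] = password_verify($vars['string'], $vars['stored']);
    }
});

// Constructed sample values. Hashing the same password twice gives two
// different strings (random salt), so only the verify hook can check it.
$new = passwordEncrypt($env, 'constructed-sample-pw');
$old = legacyHash('constructed-sample-pw'); // as stored before the switch
var_dump($new === passwordEncrypt($env, 'constructed-sample-pw'));
var_dump(passwordVerify($env, 'constructed-sample-pw', $new));
var_dump(passwordVerify($env, 'constructed-sample-pw', $old));
var_dump(passwordVerify($env, 'wrong-guess', $new));
```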