Create a hook to change the password generation algorithm #199

Aldus83 · 2018-11-13T10:12:55Z

Currently we are using a standard MD5 / salt algorithm to store passwords.
It would be good to let the user choose a personal algorithm in his modules, to open the way to different, customizable encryption methods.

quanta/src/modules/user/classes/Common/UserFactory.class.php

Line 250 in da54fd0

public static function passwordEncrypt($pass) {

Pass $env variable to the passwordEncrypt() method, wherever it's called (so it will look like -passwordEncrypt($env, $pass)
Create a hook function that will allow other modules to change the default algorithm
so it will look something like this

$vars = array('string' => $string)
$env->hook('passwordEncrypt', &$vars) 
if (!isset($vars['encrypted_string'])) {
   $encrypted_string = substr((md5(substr($pass, 0, 5) . 'ABC' . substr($pass, 5, 2) . 'nginE')) . md5($pass), 0, 50);
}
else {
  $encrypted_string = $vars['encrypted_string'];
}
return $encrypted_string;

The text was updated successfully, but these errors were encountered:

Aldus83 added security users and roles labels Nov 13, 2018

Aldus83 added this to the Unbreakable Quanta: raising Security levels milestone Nov 13, 2018

Aldus83 self-assigned this Nov 13, 2018

Aldus83 assigned damianoIlacqua Jan 28, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Create a hook to change the password generation algorithm #199

Create a hook to change the password generation algorithm #199

Aldus83 commented Nov 13, 2018 •

edited

Create a hook to change the password generation algorithm #199

Create a hook to change the password generation algorithm #199

Comments

Aldus83 commented Nov 13, 2018 • edited

Aldus83 commented Nov 13, 2018 •

edited