improve password storage (use sha256 and long random salt)

bump schema

include/functions.php

@@ -701,20 +701,59 @@
 
 					// First login ?
 					if (db_num_rows($result) == 0) {
-						$pwd_hash = encrypt_password(make_password(), $login);
+						$salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
+						$pwd_hash = encrypt_password($password, $salt, true);
 
 						$query2 = "INSERT INTO ttrss_users
-								(login,access_level,last_login,created,pwd_hash)
+								(login,access_level,last_login,created,pwd_hash,salt)
-								VALUES ('$login', 0, null, NOW(), '$pwd_hash')";
+								VALUES ('$login', 0, null, NOW(), '$pwd_hash','$salt')";
 						db_query($link, $query2);
 					}
 				}
 
 			} else {
-				$query = "SELECT id,login,access_level,pwd_hash
+				$result = db_query($link, "SELECT salt FROM ttrss_users WHERE
-	            FROM ttrss_users WHERE
+					login = '$login'");
-					login = '$login' AND (pwd_hash = '$pwd_hash1' OR
+
+				$salt = db_fetch_result($result, 0, "salt");
+
+				if ($salt == "") {
+
+					$query = "SELECT id,login,access_level,pwd_hash
+		            FROM ttrss_users WHERE
+						login = '$login' AND (pwd_hash = '$pwd_hash1' OR
 						pwd_hash = '$pwd_hash2')";
+
+					// verify and upgrade password to new salt base
+
+					$result = db_query($link, $query);
+
+					if (db_num_rows($result) == 1) {
+						// upgrade password to MODE2
+
+						$salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
+						$pwd_hash = encrypt_password($password, $salt, true);
+
+						db_query($link, "UPDATE ttrss_users SET
+							pwd_hash = '$pwd_hash', salt = '$salt' WHERE login = '$login'");
+
+						$query = "SELECT id,login,access_level,pwd_hash
+			            FROM ttrss_users WHERE
+							login = '$login' AND pwd_hash = '$pwd_hash'";
+
+					} else {
+						return false;
+					}
+
+				} else {
+
+					$pwd_hash = encrypt_password($password, $salt, true);
+
+					$query = "SELECT id,login,access_level,pwd_hash
+			         FROM ttrss_users WHERE
+						login = '$login' AND pwd_hash = '$pwd_hash'";
+
+				}
 			}
 
 			$result = db_query($link, $query);
@@ -774,20 +813,7 @@
 
 	function make_password($length = 8) {
 
-		$password = "";
+		return substr(bin2hex(openssl_random_pseudo_bytes($length / 2)), 0, $length);
-		$possible = "0123456789abcdfghjkmnpqrstvwxyzABCDFGHJKMNPQRSTVWXYZ";
-
-   	$i = 0;
-
-		while ($i < $length) {
-			$char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
-
-			if (!strstr($password, $char)) {
-				$password .= $char;
-				$i++;
-			}
-		}
-		return $password;
 	}
 
 	// this is called after user is created to initialize default feeds, labels
@@ -3448,22 +3474,16 @@
 		return $url_path;
 	} // function add_feed_url
 
-	/**
+	function encrypt_password($pass, $salt = '', $mode2 = false) {
-	 * Encrypt a password in SHA1.
+		if ($salt && $mode2) {
-	 *
+			return "MODE2:" . hash('sha256', $salt . $pass);
-	 * @param string $pass The password to encrypt.
+		} else if ($salt) {
-	 * @param string $login A optionnal login.
+			return "SHA1X:" . sha1("$salt:$pass");
-	 * @return string The encrypted password.
-	 */
-	function encrypt_password($pass, $login = '') {
-		if ($login) {
-			return "SHA1X:" . sha1("$login:$pass");
 		} else {
 			return "SHA1:" . sha1($pass);
 		}
 	} // function encrypt_password
 
-
 	function sanitize_article_content($text) {
 		# we don't support CDATA sections in articles, they break our own escaping
 		$text = preg_replace("/\[\[CDATA/", "", $text);

include/sanity_check.php

@@ -6,7 +6,7 @@
 	} else {
 
 		define('EXPECTED_CONFIG_VERSION', 25);
-		define('SCHEMA_VERSION', 87);
+		define('SCHEMA_VERSION', 88);
 
 		require_once "config.php";
 		require_once "sanity_config.php";

schema/ttrss_schema_mysql.sql

@@ -44,6 +44,7 @@ create table ttrss_users (id integer primary key not null auto_increment,
 	full_name varchar(250) not null default '',
 	email_digest bool not null default false,
 	last_digest_sent datetime default null,
+	salt varchar(250) not null default '',
 	created datetime default null,
 	twitter_oauth longtext default null,
 	index (theme_id)) ENGINE=InnoDB DEFAULT CHARSET=UTF8;
@@ -259,7 +260,7 @@ create table ttrss_tags (id integer primary key auto_increment,
 
 create table ttrss_version (schema_version int not null) ENGINE=InnoDB DEFAULT CHARSET=UTF8;
 
-insert into ttrss_version values (87);
+insert into ttrss_version values (88);
 
 create table ttrss_enclosures (id integer primary key auto_increment,
 	content_url text not null,

schema/ttrss_schema_pgsql.sql

@@ -41,6 +41,7 @@ create table ttrss_users (id serial not null primary key,
 	full_name varchar(250) not null default '',
 	email_digest boolean not null default false,
 	last_digest_sent timestamp default null,
+	salt varchar(250) not null default '',
 	twitter_oauth text default null,
 	created timestamp default null);
 
@@ -228,7 +229,7 @@ create index ttrss_tags_post_int_id_idx on ttrss_tags(post_int_id);
 
 create table ttrss_version (schema_version int not null);
 
-insert into ttrss_version values (87);
+insert into ttrss_version values (88);
 
 create table ttrss_enclosures (id serial not null primary key,
 	content_url text not null,

schema/versions/mysql/88.sql

@@ -0,0 +1,10 @@
+begin;
+
+alter table ttrss_users add column salt varchar(250);
+update ttrss_users set salt = '';
+alter table ttrss_users change salt salt varchar(250) not null;
+alter table ttrss_users alter column salt set default '';
+
+update ttrss_version set schema_version = 88;
+
+commit;

schema/versions/pgsql/88.sql

@@ -0,0 +1,10 @@
+begin;
+
+alter table ttrss_users add column salt varchar(250);
+update ttrss_users set salt = '';
+alter table ttrss_users alter column salt set not null;
+alter table ttrss_users alter column salt set default '';
+
+update ttrss_version set schema_version = 88;
+
+commit;