The files on this project are 5 years old. There is no way this user is updating this project, as MD5 is no longer safe to use for storing passwords in a database. password_hash() is the preferred way of hashing passwords, but the storage container must be set to 255 characters. This can be simply implemented into this to update it manually. It is a really simple thing to do, as this pretty much looks like it is Object Oriented Programming. I have done it with other projects which were so outdated, with trial and error. https://www.php.net/manual/en/function.password-hash.php
Hi there,
You are saving the passwords as a plain md5 hash. That used to be "OK", but people have been building giant rainbow tables, so it isn't anymore.
I could simply revert the admin password hash using this website.
If there are any users for your lib - and it seems there are -, it would be nice if they weren't using this unsafe form of password storage.
Use a hash, and use a better hashing algorithm.
Further reading: https://www.php.net/manual/en/faq.passwords.php
Thanks for creating this, it looks pretty good!
Koen
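Added example, not part of the original thread or the project's own code: one way to move existing MD5 rows to `password_hash()` without forcing a password reset is to verify against the legacy digest at login and re-hash on success. The `$users` array, the `login()` and `is_legacy_md5()` helpers and the sample password are hypothetical stand-ins for the library's real storage layer.

```php
<?php
declare(strict_types=1);

// Constructed sample store standing in for a users table (hypothetical schema).
// 'hash' would be a VARCHAR(255) column so future PASSWORD_DEFAULT output fits.
$users = [
    'admin' => ['hash' => md5('correct horse')],   // legacy unsalted MD5 row
];

/** True if the stored value looks like a legacy 32-hex-digit MD5 digest. */
function is_legacy_md5(string $stored): bool
{
    return preg_match('/^[a-f0-9]{32}$/i', $stored) === 1;
}

/**
 * Verify a login and transparently upgrade the stored hash.
 * Returns true on success; $users is updated by reference when re-hashed.
 */
function login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name]['hash'];

    if (is_legacy_md5($stored)) {
        // Constant-time comparison against the old scheme.
        $ok = hash_equals(strtolower($stored), md5($password));
        $rehash = $ok; // always replace MD5 after a successful login
    } else {
        $ok = password_verify($password, $stored);
        // Also upgrade when PHP's default algorithm or cost changes later.
        $rehash = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
    }

    if ($rehash) {
        // password_hash() generates a per-password salt and embeds it in the output.
        $users[$name]['hash'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $ok;
}

var_dump(login($users, 'admin', 'wrong'));          // failed login, row untouched
var_dump(login($users, 'admin', 'correct horse'));  // legacy path, row upgraded
var_dump(is_legacy_md5($users['admin']['hash']));   // stored value is no longer MD5
var_dump(login($users, 'admin', 'correct horse'));  // now handled by password_verify()
```

Accounts that never log in again keep their MD5 digest under this scheme, so those rows still need a forced reset or expiry.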