diff -u -p -r password_policy.old/constraints/constraint_history.php password_policy/constraints/constraint_history.php --- password_policy.old/constraints/constraint_history.php Thu Jun 4 13:38:50 2009 +++ password_policy/constraints/constraint_history.php Wed Jul 22 23:34:16 2009 @@ -23,13 +23,25 @@ class History_Constraint extends Constra // gathered to operate fully. $testSize = min($this->minimumConstraintValue, $recordedHistorySize); - $count = 0; - $passwordToCompare = md5($plaintext_password); $failed = FALSE; - while ($values = db_fetch_array($result)) { - // if we found one password which matches, then we've failed - if ($values['pass'] == $passwordToCompare) { - $failed = TRUE; + + if (module_exists('phpass') && variable_get('user_hash_method', 'phpass') == 'phpass') { + require_once(drupal_get_path('module', 'phpass') .'/PasswordHash.php'); + $phpass = new PasswordHash(variable_get('user_hash_strength', 8), variable_get('user_hash_portable', TRUE)); + while ($values = db_fetch_array($result)) { + // if we found one password which matches, then we've failed + if ($phpass->CheckPassword($plaintext_password, $values['pass'])) { + $failed = TRUE; + } + } + } + else { + $passwordToCompare = md5($plaintext_password); + while ($values = db_fetch_array($result)) { + // if we found one password which matches, then we've failed + if ($values['pass'] == $passwordToCompare) { + $failed = TRUE; + } } } return !$failed; diff -u -p -r password_policy.old/password_policy.install password_policy/password_policy.install --- password_policy.old/password_policy.install Fri Oct 3 17:36:22 2008 +++ password_policy/password_policy.install Wed Jul 22 22:33:35 2009 @@ -19,7 +19,7 @@ function password_policy_install() { ) /*!40100 DEFAULT CHARACTER SET utf8 */"); db_query("CREATE TABLE {password_policy_users} ( uid int(10) unsigned NOT NULL default '0', - pass varchar(32) NOT NULL default '', + pass varchar(60) NOT NULL default '', created int(11) NOT NULL default '0', KEY (uid) ) /*!40100 DEFAULT CHARACTER SET utf8 */"); @@ -92,6 +92,19 @@ function password_policy_update_5000() { case 'mysqli': $ret[] = update_sql("ALTER TABLE {password_policy_users} ADD KEY (uid)"); $ret[] = update_sql("ALTER TABLE {password_policy_expiration} ADD KEY (uid)"); + break; + } + + return $ret; +} + +function password_policy_update_5001() { + $ret = array(); + + switch ($GLOBALS['db_type']) { + case 'mysql': + case 'mysqli': + $ret[] = update_sql("ALTER TABLE {password_policy_users} CHANGE pass pass varchar(60) NOT NULL default ''"); break; } diff -u -p -r password_policy.old/password_policy.module password_policy/password_policy.module --- password_policy.old/password_policy.module Thu Jun 4 13:32:54 2009 +++ password_policy/password_policy.module Wed Jul 22 22:12:52 2009 @@ -604,7 +604,15 @@ function password_policy_user($type, &$e * used previously. */ function _password_policy_store_password($uid, $pass) { - db_query("INSERT INTO {password_policy_users} SET uid = %d, pass = '%s', created = %d", $uid, md5($pass), time()); + if (module_exists('phpass') && variable_get('user_hash_method', 'phpass') == 'phpass') { + require_once(drupal_get_path('module', 'phpass') .'/PasswordHash.php'); + $phpass = new PasswordHash(variable_get('user_hash_strength', 8), variable_get('user_hash_portable', TRUE)); + $hash = $phpass->HashPassword($pass); + } + else { + $hash = md5($pass); + } + db_query("INSERT INTO {password_policy_users} SET uid = %d, pass = '%s', created = %d", $uid, $hash, time()); } /**