From ac5ec0e0f561e415d646b7c486c15f308ca23800 Mon Sep 17 00:00:00 2001
From: nuxsmin
Date: Wed, 30 Sep 2015 04:02:35 +0200
Subject: [PATCH] * [ADD] Switched to BCRYPT for hashing passwords and key derivation. WARNING: Master password should be reentered by users (you can use a temporary password) * [MOD] Some tweaks on forms passwords decryption * [FIX] Fixed issue when blank custom fields are retrieved for an item.
---
 inc/Upgrade.class.php | 2 +-
 inc/dbstructure.sql | 6 +++---
 sql/upgrade.sql | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/inc/Upgrade.class.php b/inc/Upgrade.class.php
index 2c0f589a..1bd3efb5 100644
--- a/inc/Upgrade.class.php
+++ b/inc/Upgrade.class.php
@@ -119,7 +119,7 @@ class Upgrade
 break;
 case 12002:
 $queries[] = 'ALTER TABLE config CHANGE config_value config_value VARCHAR(255);';
- $queries[] = 'ALTER TABLE usrData CHANGE user_pass user_pass VARBINARY(128);';
+ $queries[] = 'ALTER TABLE usrData CHANGE user_pass user_pass VARBINARY(255);';
 $queries[] = 'ALTER TABLE usrData CHANGE user_hashSalt user_hashSalt VARBINARY(128);';
 $queries[] = 'ALTER TABLE accHistory CHANGE acchistory_mPassHash acchistory_mPassHash VARBINARY(255);';
 break;
diff --git a/inc/dbstructure.sql b/inc/dbstructure.sql
index 7081ba16..01c869c5 100644
--- a/inc/dbstructure.sql
+++ b/inc/dbstructure.sql
@@ -50,7 +50,7 @@ CREATE TABLE `accHistory` (
 `acchistory_dateEdit` datetime NOT NULL,
 `acchistory_isModify` bit(1) DEFAULT NULL,
 `acchistory_isDeleted` bit(1) DEFAULT NULL,
- `acchistory_mPassHash` varbinary(128) NOT NULL,
+ `acchistory_mPassHash` varbinary(255) NOT NULL,
 `accHistory_otherUserEdit` bit(1) DEFAULT b'0',
 `accHistory_otherGroupEdit` bit(1) DEFAULT b'0',
 PRIMARY KEY (`acchistory_id`),
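Review bot: The `user_pass` width is edited inside the existing `case 12002:` step of inc/Upgrade.class.php (and in the matching `-- To 1.2.0.2` block of sql/upgrade.sql) instead of in a new step, so a database that already ran that step keeps `VARBINARY(128)`; the switch appears to be keyed on the stored version, in which case such an installation never receives the wider column. If 12002 has already been released, the statement `$queries[] = 'ALTER TABLE usrData CHANGE user_pass user_pass VARBINARY(255);';` belongs in a new case with its own version number. Why the new BCRYPT-based format needs more than 128 bytes is not visible here, but if it does, a non-strict MySQL `sql_mode` truncates the stored value with only a warning and the truncated hash then fails verification at every login. The switch statement starts and ends outside the hunk.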
@@ -123,7 +123,7 @@ CREATE TABLE `categories` (
 CREATE TABLE `config` (
 `config_parameter` varchar(50) CHARACTER SET utf8 COLLATE utf8_spanish_ci NOT NULL,
- `config_value` varchar(128) CHARACTER SET utf8 COLLATE utf8_spanish_ci NOT NULL,
+ `config_value` varchar(255) CHARACTER SET utf8 COLLATE utf8_spanish_ci NOT NULL,
 UNIQUE KEY `vacParameter` (`config_parameter`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
@@ -189,7 +189,7 @@ CREATE TABLE `usrData` (
 `user_isAdminAcc` bit(1) NOT NULL DEFAULT b'0',
 `user_isLdap` bit(1) NOT NULL DEFAULT b'0',
 `user_isDisabled` bit(1) NOT NULL DEFAULT b'0',
- `user_hashSalt` varbinary(40) NOT NULL,
+ `user_hashSalt` varbinary(128) NOT NULL,
 `user_isMigrate` bit(1) DEFAULT b'0',
 `user_isChangePass` bit(1) DEFAULT b'0',
 `user_preferences` blob,
diff --git a/sql/upgrade.sql b/sql/upgrade.sql
index 068335c3..d201f64f 100644
--- a/sql/upgrade.sql
+++ b/sql/upgrade.sql
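Review bot: `user_pass` is not touched anywhere in inc/dbstructure.sql although the upgrade path in this commit widens it to `VARBINARY(255)`; its definition sits above the `@@ -189,7` hunk in CREATE TABLE `usrData`, outside what the diff shows. That same hunk raises `user_hashSalt` from `varbinary(40)` to the 128 that the 12002 upgrade step already used, so the install schema has lagged behind the upgrade script at least once. Confirm that the install schema already declares `user_pass` as `varbinary(255)`, so that a fresh install stores the new hashes in the same width as an upgraded database and cannot truncate them.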
@@ -38,6 +38,6 @@ CREATE TABLE `customFieldsDef` (`customfielddef_id` int(10) unsigned NOT NULL AU
 CREATE TABLE `customFieldsData` (`customfielddata_id` int(10) unsigned NOT NULL AUTO_INCREMENT,`customfielddata_moduleId` smallint(5) unsigned NOT NULL,`customfielddata_itemId` int(10) unsigned NOT NULL,`customfielddata_defId` int(10) unsigned NOT NULL,`customfielddata_data` longblob,`customfielddata_iv` varbinary(128) DEFAULT NULL, PRIMARY KEY (`customfielddata_id`), KEY `IDX_DEFID` (`customfielddata_defId`), KEY `IDX_DELETE` (`customfielddata_itemId`,`customfielddata_moduleId`), KEY `IDX_UPDATE` (`customfielddata_moduleId`,`customfielddata_itemId`,`customfielddata_defId`), KEY `IDX_ITEM` (`customfielddata_itemId`), KEY `IDX_MODULE` (`customfielddata_moduleId`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 -- To 1.2.0.2
 ALTER TABLE config CHANGE config_value config_value VARCHAR(255);
-ALTER TABLE usrData CHANGE user_pass user_pass VARBINARY(128);
+ALTER TABLE usrData CHANGE user_pass user_pass VARBINARY(255);
 ALTER TABLE usrData CHANGE user_hashSalt user_hashSalt VARBINARY(128);
 ALTER TABLE accHistory CHANGE acchistory_mPassHash acchistory_mPassHash VARBINARY(255);
\ No newline at end of file
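Review bot: The `CHANGE` statements under `-- To 1.2.0.2` give only the new type, and MySQL does not carry forward column attributes that the new definition omits. After the upgrade `user_hashSalt`, `acchistory_mPassHash` and `config_value` therefore become nullable, and `config_value` falls back to the table's default collation instead of `utf8_spanish_ci`, while inc/dbstructure.sql in this same commit declares all three `NOT NULL`. Upgraded and freshly installed databases then disagree on the columns that hold password material. Spell out the full definition, e.g. `ALTER TABLE usrData CHANGE user_hashSalt user_hashSalt VARBINARY(128) NOT NULL;`, and treat `user_pass` the same way once its intended nullability is confirmed, since its CREATE TABLE line is not in this diff. The same statements are built in `case 12002` of inc/Upgrade.class.php.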