Skip to content
  • Lukas Fleischer's avatar
    Use bcrypt to hash passwords · 29a48708
    Lukas Fleischer authored
    Replace the default hash function used for storing passwords by
    password_hash() which internally uses bcrypt. Legacy MD5 hashes are
    still supported and are immediately converted to the new format when a
    user logs in.
    Since big parts of the authentication system needed to be rewritten in
    this context, this patch also includes some simplification and
    refactoring of all code related to password checking and resetting.
    Fixes FS#52297.
    Signed-off-by: default avatarLukas Fleischer <>