From 402e98d0f8caf1bf5010fba513d24ab2af375c40 Mon Sep 17 00:00:00 2001
From: Marco Antonio Nina
Date: Thu, 2 Oct 2014 15:32:20 -0400
Subject: [PATCH] Improvement hashPassword hashType
---
 gulliver/system/class.bootstrap.php | 18 +++++++++---------
 .../engine/methods/login/changePassword.php | 2 +-
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/gulliver/system/class.bootstrap.php b/gulliver/system/class.bootstrap.php
index 8b94f8242..8c3c59bc5 100644
--- a/gulliver/system/class.bootstrap.php
+++ b/gulliver/system/class.bootstrap.php
@@ -2860,16 +2860,16 @@ class Bootstrap
 }
 }
- public function getConfigHashPassword()
+ public function getPasswordHashType()
 {
 G::LoadClass( "configuration" );
 $config= new Configurations();
 return $config->getConfiguration('ENTERPRISE_SETTING_ENCRYPT', '');
 }
- public function hashPassword($pass, $config = '', $includeHash = false, $hashOld = false)
+ public function hashPassword($pass, $hashType = '', $includeHashType = false, $hashOld = false)
 {
- $typeEncrypt = ($config != '') ? $config : Bootstrap::getConfigHashPassword();
+ $typeEncrypt = ($hashType != '') ? $hashType : Bootstrap::getPasswordHashType();
 $encrypt = 'md5';
 if ($typeEncrypt != null) {
 if (isset($typeEncrypt['current']) && $typeEncrypt['current'] != '') {
@@ -2879,7 +2879,7 @@ class Bootstrap
 $encrypt = $typeEncrypt['previous'];
 }
 }
- if ($includeHash) {
+ if ($includeHashType) {
 $var = $encrypt . ':' . $pass;
 } else {
 eval("\$var = hash('" . $encrypt . "', '" . $pass . "');");
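Review bot: The `eval(...)` kept as context at the end of the second hunk builds PHP source from `$pass` and `$encrypt`, so the password text becomes part of the code that is executed; the rename in this commit leaves that untouched. A direct call does the same work without evaluating any input: `$var = hash($encrypt, $pass);`. The changePassword.php hunk in this patch passes `$_POST['form']['USR_PASSWORD']` straight into hashPassword(), so the value is request-controlled on that path. `$encrypt` still defaults to `'md5'`, a fast unsalted digest; moving to `password_hash()`/`password_verify()` would need a migration of the stored values, which this patch does not show. The else branch and the rest of hashPassword() lie outside the hunk.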
@@ -2890,13 +2890,13 @@ class Bootstrap
 public function verifyHashPassword ($pass, $userPass)
 {
- $config = Bootstrap::getConfigHashPassword();
- if (Bootstrap::hashPassword($pass, $config) == $userPass
- || Bootstrap::hashPassword($pass, $config, true) == $userPass) {
+ $hashType = Bootstrap::getPasswordHashType();
+ if (Bootstrap::hashPassword($pass, $hashType) == $userPass
+ || Bootstrap::hashPassword($pass, $hashType, true) == $userPass) {
 return true;
 }
- if (Bootstrap::hashPassword($pass, $config, false, true) == $userPass
- || Bootstrap::hashPassword($pass, $config, true, true) == $userPass) {
+ if (Bootstrap::hashPassword($pass, $hashType, false, true) == $userPass
+ || Bootstrap::hashPassword($pass, $hashType, true, true) == $userPass) {
 return true;
 }
 return false;
diff --git a/workflow/engine/methods/login/changePassword.php b/workflow/engine/methods/login/changePassword.php
index 20bdaf3a4..8eec6306c 100755
--- a/workflow/engine/methods/login/changePassword.php
+++ b/workflow/engine/methods/login/changePassword.php
@@ -5,7 +5,7 @@ $aUser = $oUser->load($_SESSION['USER_LOGGED']);
 global $RBAC;
 $aData['USR_UID'] = $aUser['USR_UID'];
 $aData['USR_USERNAME'] = $aUser['USR_USERNAME'];
-$aData['USR_PASSWORD'] = Bootstrap::hasPassword($_POST['form']['USR_PASSWORD']);
+$aData['USR_PASSWORD'] = Bootstrap::hashPassword($_POST['form']['USR_PASSWORD']);
 $aData['USR_FIRSTNAME'] = $aUser['USR_FIRSTNAME'];
 $aData['USR_LASTNAME'] = $aUser['USR_LASTNAME'];
 $aData['USR_EMAIL'] = $aUser['USR_EMAIL'];
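Review bot: All four comparisons in verifyHashPassword() use `==`, which lets PHP compare two numeric-looking digest strings as numbers instead of character by character, and which is not constant-time. Compare as strings with `hash_equals((string) $userPass, Bootstrap::hashPassword($pass, $hashType))` in each of the four places, or with `===` where `hash_equals()` is not available on the supported PHP version. The function's closing brace is outside the hunk.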
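Review bot: `$_POST['form']['USR_PASSWORD']` is hashed on the changed line without a check that it is present and is a string, so a missing key or an array value would be stored as the hash of something other than the user's password. A guard before the assignment, such as `if (!isset($_POST['form']['USR_PASSWORD']) || !is_string($_POST['form']['USR_PASSWORD'])) { /* reject the request */ }`, would cover it. The lines before and after the hunk are not visible, so validation done elsewhere in the script cannot be ruled out.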