pkp/pkp-lib#781 Improve password hashing

Puckohue · Oct 23, 2015 · 8145210 · 8145210
1 parent e5bc968
commit 8145210
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/config.TEMPLATE.inc.php b/config.TEMPLATE.inc.php
@@ -247,9 +247,16 @@
 
 ; The encryption (hashing) algorithm to use for encrypting user passwords
 ; Valid values are: md5, sha1
-; Note that sha1 requires PHP >= 4.3.0
+; NOTE: This hashing method is deprecated, but necessary to permit gradual
+; migration of old password hashes.
 encryption = md5
 
+; The unique salt to use for generating password reset hashes
+salt = "YouMustSetASecretKeyHere!!"
+
+; The number of seconds before a password reset hash expires (defaults to 7200 / 2 hours)
+reset_seconds = 7200
+
 ; Allowed HTML tags for fields that permit restricted HTML.
 ; Use e.g. "img[src,alt],p" to allow "src" and "alt" attributes to the "img"
 ; tag, and also to permit the "p" paragraph tag. Unspecified attributes will be

diff --git a/docs/README b/docs/README
@@ -31,7 +31,7 @@ System Requirements
 -------------------
 Recommended server requirements:
 
-	* PHP >= 5.2
+	* PHP >= 5.3.7
 	* MySQL >= 4.1 or PostgreSQL >= 9.1.5
 	* Apache >= 1.3.2x or >= 2.0.4x or Microsoft IIS 6
 	* Operating system: Any OS that supports the above software, including