diff --git a/code/api.php b/code/api.php
index 3c47638..3476aba 100644
--- a/code/api.php
+++ b/code/api.php
@@ -42,7 +42,7 @@ if (isset($_MGM['user']) && $_MGM['user']['level']==1 && $_MGM['path'][1]=="user
$epassword = $result['password'];
if (!empty($password)) {
$salt = substr(sha1(rand()),0,12);
- $epassword = $salt.hash("sha512", $salt.hash("sha512", $password));
+ $epassword = $salt.hashPassword($password,hex2bin($salt));
}
if ($level=="")
$level = $result['level'];
diff --git a/code/login.php b/code/login.php
index 6c770ae..ccf23bf 100644
--- a/code/login.php
+++ b/code/login.php
@@ -24,7 +24,7 @@ if (isset($_REQUEST['login'])) {
$error = "Invalid login credentials.";
} else {
$salt = substr($user['password'], 0, 12);
- $epassword = $salt.hash("sha512", $salt.hash("sha512", $password));
+ $epassword = $salt.hashPassword($password,hex2bin($salt));
if ($epassword!=$user['password']) {
$error = "Invalid login credentials.";
} else {
diff --git a/code/setup.php b/code/setup.php
index dad3070..ad4a734 100644
--- a/code/setup.php
+++ b/code/setup.php
@@ -16,7 +16,7 @@
$result = databaseQuery("SELECT * FROM settings WHERE name='db_version'");
if ($result==NULL) {
databaseQuery("CREATE TABLE settings (name TEXT, value TEXT)");
- databaseQuery("INSERT INTO settings (name, value) VALUES ('db_version',%d)", $_MGM['version']);
+ databaseQuery("INSERT INTO settings (name, value) VALUES ('db_version',%s)", $_MGM['version']);
databaseQuery("CREATE VIRTUAL TABLE images USING fts3(user_id INTEGER, hash TEXT, extension TEXT, name TEXT, file_size INTEGER, width INTEGER, height INTEGER, thumb_file_size INTEGER, thumb_width INTEGER, thumb_height INTEGER, tags TEXT, external_data TEXT, ocr TEXT, time INTEGER)");
databaseQuery("CREATE TABLE users (docid INTEGER PRIMARY KEY AUTOINCREMENT, email TEXT, password TEXT, time INTEGER, level INTEGER)");
@@ -31,6 +31,49 @@ if ($result==NULL) {
+ Admin Password Update
+ Passwords hash system has been changed. Please enter an administrator email and password to update your account. You would be required to update any other account's password once you have completed this step as their account will not be able to function.
+
+