From 9f040c95c2e0f219875e1966e171eac9f1253802 2017-06-21 00:44:35
From: DarkMorford <DarkMorford@Gmail.com>
Date: 2017-06-21 00:44:35
Subject: [PATCH] Hash passwords in PHP instead of asking MySQL to do it.

---

diff --git a/include/admin.inc.php b/include/admin.inc.php
index 30695cd..5e6e1db 100644
--- a/include/admin.inc.php
+++ b/include/admin.inc.php
@@ -42,10 +42,8 @@ define('USING_TIDY', false);
 
 /* These function are all for core authentication. */
 
-// Call mysql to hash a password
 function mt_hash_password($password) {
-	global $mtdb;
-	return $mtdb->getOne('SELECT SHA1("' . mysqli_real_escape_string($mtdb->link, $password) . '")') ;
+	return sha1($password);
 }
 
 // Remove invalid characters from username. Permit only alpha, underscore, period, at, hypen