From 65ae712c68e8d6a44fcb99b5ff98a691d340e3bb Mon Sep 17 00:00:00 2001
From: Kevin Chung
Date: Wed, 13 May 2015 13:07:46 -0400
Subject: [PATCH] Accidentally still using old password hashing in forgot password
---
 CTFd/auth.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/CTFd/auth.py b/CTFd/auth.py
index 115bd997..29cda280 100644
--- a/CTFd/auth.py
+++ b/CTFd/auth.py
@@ -30,7 +30,7 @@ def init_auth(app):
 except BadTimeSignature:
 return render_template('reset_password.html', errors=['Your link has expired'])
 team = Teams.query.filter_by(name=name).first()
- team.password = sha512(request.form['password'].strip())
+ team.password = bcrypt_sha256.encrypt(request.form['password'].strip())
 db.session.commit()
 db.session.close()
 return redirect('/login')
@@ -107,7 +107,6 @@ Did you initiate a password reset?
 if request.method == 'POST':
 errors = []
 name = request.form['name']
- # team = Teams.query.filter_by(name=request.form['name'], password=sha512(request.form['password'])).first()
 team = Teams.query.filter_by(name=name).first()
 if team and bcrypt_sha256.verify(request.form['password'], team.password):
 try:
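Review bot: The added line in the first hunk hashes `request.form['password'].strip()`, while the login check visible in the second hunk verifies the unstripped `request.form['password']`, so a password entered with leading or trailing whitespace at reset will only verify if the user leaves that whitespace out at login. The same normalisation should be applied on both paths (whichever the registration path uses, which is not visible here), for example `bcrypt_sha256.verify(request.form['password'].strip(), team.password)` at login. Separately, `Teams.query.filter_by(name=name).first()` on the line above can return None if the team was renamed or removed after the link was issued, and `team.password = ...` would then raise; a guard such as `if team is None: return render_template('reset_password.html', errors=['Your link has expired'])` keeps that a handled error. Nothing in the hunk rejects a password that is empty after stripping, though the enclosing view starts and ends outside the hunk, so that check may exist elsewhere.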