SF Feature #3509651 - Add support for SHA512 with OpenLDAP

lib/functions.php

@@ -2114,7 +2114,8 @@ function password_types() {
 		'md5crypt'=>'md5crypt',
 		'sha'=>'sha',
 		'smd5'=>'smd5',
-		'ssha'=>'ssha'
+		'ssha'=>'ssha',
+		'sha512'=>'sha512',
 	);
 }
 
@@ -2123,7 +2124,7 @@ function password_types() {
  *
  * @param string The password to hash in clear text.
  * @param string Standard LDAP encryption type which must be one of
- *        crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear.
+ *        crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, sha512, or clear.
  * @return string The hashed password.
  */
 function password_hash($password_clear,$enc_type) {
@@ -2216,6 +2217,16 @@ function password_hash($password_clear,$enc_type) {
 
 			break;
 
+		case 'sha512':
+			if (function_exists('openssl_digest') && function_exists('base64_encode')) {
+				$new_value = sprintf('{SHA512}%s', base64_encode(openssl_digest($password_clear, 'sha512', true)));
+
+			} else {
+				error(_('Your PHP install doest not have the openssl_digest() or base64_encode() function. Cannot do SHA512 hashes. '),'error','index.php');
+			}
+
+			break;
+
 		case 'clear':
 		default:
 			$new_value = $password_clear;
@@ -2379,6 +2390,15 @@ function password_check($cryptedpassword,$plainpassword,$attribute='userpassword
 
 			break;
 
+		# SHA512 crypted passwords
+		case 'sha512':
+			if (strcasecmp(password_hash($plainpassword,'sha512'),'{SHA512}'.$cryptedpassword) == 0)
+				return true;
+			else
+				return false;
+
+			break;
+
 		# No crypt is given assume plaintext passwords are used
 		default:
 			if ($plainpassword == $cryptedpassword)