Add support of argon2i & argon2id password hash types
Closes pull-request #158
This commit is contained in:
parent
9488fe2ed7
commit
43bac58990
@ -93,6 +93,8 @@
|
|||||||
'ssha512'=>'ssha512',
|
'ssha512'=>'ssha512',
|
||||||
'sha256crypt'=>'sha256crypt',
|
'sha256crypt'=>'sha256crypt',
|
||||||
'sha512crypt'=>'sha512crypt',
|
'sha512crypt'=>'sha512crypt',
|
||||||
|
'argon2i'=>'argon2i',
|
||||||
|
'argon2id'=>'argon2id',
|
||||||
)*/
|
)*/
|
||||||
# $config->custom->password['available_types'] = array(''=>'clear','md5'=>'md5');
|
# $config->custom->password['available_types'] = array(''=>'clear','md5'=>'md5');
|
||||||
|
|
||||||
|
@ -576,6 +576,8 @@ class Config {
|
|||||||
'ssha512'=>'ssha512',
|
'ssha512'=>'ssha512',
|
||||||
'sha256crypt'=>'sha256crypt',
|
'sha256crypt'=>'sha256crypt',
|
||||||
'sha512crypt'=>'sha512crypt',
|
'sha512crypt'=>'sha512crypt',
|
||||||
|
'argon2i'=>'argon2i',
|
||||||
|
'argon2id'=>'argon2id',
|
||||||
));
|
));
|
||||||
|
|
||||||
/** Search display
|
/** Search display
|
||||||
|
@ -2299,6 +2299,20 @@ function pla_password_hash($password_clear,$enc_type) {
|
|||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case 'argon2i':
|
||||||
|
if (! defined('PASSWORD_ARGON2I'))
|
||||||
|
error(_('Your system does not support argon2i encryption (PHP 7.2 or upper is required).'),'error','index.php');
|
||||||
|
$new_value = sprintf('{ARGON2}%s',password_hash($password_clear,PASSWORD_ARGON2I));
|
||||||
|
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'argon2id':
|
||||||
|
if (! defined('PASSWORD_ARGON2ID'))
|
||||||
|
error(_('Your system does not support argon2id encryption (PHP 7.3 or upper is required).'),'error','index.php');
|
||||||
|
$new_value = sprintf('{ARGON2}%s',password_hash($password_clear,PASSWORD_ARGON2ID));
|
||||||
|
|
||||||
|
break;
|
||||||
|
|
||||||
case 'clear':
|
case 'clear':
|
||||||
default:
|
default:
|
||||||
$new_value = $password_clear;
|
$new_value = $password_clear;
|
||||||
@ -2534,6 +2548,14 @@ function password_check($cryptedpassword,$plainpassword,$attribute='userpassword
|
|||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
# Argon2 crypted passwords
|
||||||
|
case 'argon2':
|
||||||
|
if (password_verify($plainpassword, $cryptedpassword))
|
||||||
|
return true;
|
||||||
|
else
|
||||||
|
return false;
|
||||||
|
break;
|
||||||
|
|
||||||
# No crypt is given assume plaintext passwords are used
|
# No crypt is given assume plaintext passwords are used
|
||||||
default:
|
default:
|
||||||
if ($plainpassword == $cryptedpassword)
|
if ($plainpassword == $cryptedpassword)
|
||||||
@ -2577,6 +2599,16 @@ function get_enc_type($user_password) {
|
|||||||
|
|
||||||
elseif (preg_match('/{[^}]+}_+/',$user_password))
|
elseif (preg_match('/{[^}]+}_+/',$user_password))
|
||||||
$enc_type = 'ext_des';
|
$enc_type = 'ext_des';
|
||||||
|
|
||||||
|
}
|
||||||
|
elseif (strcasecmp($enc_type,'argon2') == 0) {
|
||||||
|
|
||||||
|
if (preg_match('/{ARGON2}\$argon2i\$/',$user_password))
|
||||||
|
$enc_type = 'argon2i';
|
||||||
|
|
||||||
|
elseif (preg_match('/{ARGON2}\$argon2id\$/',$user_password))
|
||||||
|
$enc_type = 'argon2id';
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return $enc_type;
|
return $enc_type;
|
||||||
|
Loading…
Reference in New Issue
Block a user