Added Bcrypt support (#116)

* Set minimum PHP version to 5.5.0| Bcrypt Support
* Added Bcrypt hash support
* Update Install.md
This commit is contained in:
Gurvinder Dadyala 2020-08-30 17:28:50 +05:30 committed by GitHub
parent fb437b037e
commit bdfd68c3b6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 34 additions and 3 deletions

View File

@ -5,7 +5,7 @@ For install instructions in non-English languages, see the wiki:
phpLDAPadmin requires the following: phpLDAPadmin requires the following:
a. A web server (Apache, IIS, etc). a. A web server (Apache, IIS, etc).
b. PHP 5.0.0 or newer (with LDAP support) b. PHP 5.5.0 or newer (with LDAP support)
* To install * To install

View File

@ -8,7 +8,7 @@
*/ */
/** The minimum version of PHP required to run phpLDAPadmin. */ /** The minimum version of PHP required to run phpLDAPadmin. */
define('REQUIRED_PHP_VERSION','5.0.0'); define('REQUIRED_PHP_VERSION','5.5.0');
/** /**
* The config class contains all our configuration settings for a session. * The config class contains all our configuration settings for a session.

View File

@ -2156,6 +2156,7 @@ function password_types() {
return array( return array(
''=>'clear', ''=>'clear',
'bcrypt'=>'bcrypt',
'blowfish'=>'blowfish', 'blowfish'=>'blowfish',
'crypt'=>'crypt', 'crypt'=>'crypt',
'ext_des'=>'ext_des', 'ext_des'=>'ext_des',
@ -2258,6 +2259,19 @@ function pla_password_hash($password_clear,$enc_type) {
break; break;
case 'bcrypt':
$options = [
'cost' => 8,
];
#Checking if password_hash() function is available.
if (function_exists('password_hash'))
$new_value = sprintf('{BCRYPT}%s',base64_encode(password_hash($password_clear, PASSWORD_BCRYPT, $options)));
else
error(_('Your PHP install does not have the password_hash() function. Cannot do BCRYPT hashes.'),'error','index.php');
break;
case 'smd5': case 'smd5':
if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) { if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
mt_srand((double)microtime()*1000000); mt_srand((double)microtime()*1000000);
@ -2365,6 +2379,23 @@ function password_check($cryptedpassword,$plainpassword,$attribute='userpassword
break; break;
#BCRYPT hashed passwords
case 'bcrypt':
# Check php password_verify support before using it
if (function_exists('password_verify')) {
$hash = base64_decode($cryptedpassword);
if (password_verify($plainpassword, $hash)) {
return true;
} else {
return false;
}
} else {
error(_('Your PHP install does not have the password_verify() function. Cannot do Bcrypt hashes.'),'error','index.php');
}
break;
# Salted MD5 # Salted MD5
case 'smd5': case 'smd5':
# Check php mhash support before using it # Check php mhash support before using it