Added Bcrypt support (#116)
* Set minimum PHP version to 5.5.0| Bcrypt Support * Added Bcrypt hash support * Update Install.md
This commit is contained in:
parent
fb437b037e
commit
bdfd68c3b6
@ -5,7 +5,7 @@ For install instructions in non-English languages, see the wiki:
|
||||
|
||||
phpLDAPadmin requires the following:
|
||||
a. A web server (Apache, IIS, etc).
|
||||
b. PHP 5.0.0 or newer (with LDAP support)
|
||||
b. PHP 5.5.0 or newer (with LDAP support)
|
||||
|
||||
* To install
|
||||
|
||||
|
@ -8,7 +8,7 @@
|
||||
*/
|
||||
|
||||
/** The minimum version of PHP required to run phpLDAPadmin. */
|
||||
define('REQUIRED_PHP_VERSION','5.0.0');
|
||||
define('REQUIRED_PHP_VERSION','5.5.0');
|
||||
|
||||
/**
|
||||
* The config class contains all our configuration settings for a session.
|
||||
|
@ -2156,6 +2156,7 @@ function password_types() {
|
||||
|
||||
return array(
|
||||
''=>'clear',
|
||||
'bcrypt'=>'bcrypt',
|
||||
'blowfish'=>'blowfish',
|
||||
'crypt'=>'crypt',
|
||||
'ext_des'=>'ext_des',
|
||||
@ -2258,6 +2259,19 @@ function pla_password_hash($password_clear,$enc_type) {
|
||||
|
||||
break;
|
||||
|
||||
case 'bcrypt':
|
||||
$options = [
|
||||
'cost' => 8,
|
||||
];
|
||||
#Checking if password_hash() function is available.
|
||||
if (function_exists('password_hash'))
|
||||
$new_value = sprintf('{BCRYPT}%s',base64_encode(password_hash($password_clear, PASSWORD_BCRYPT, $options)));
|
||||
else
|
||||
error(_('Your PHP install does not have the password_hash() function. Cannot do BCRYPT hashes.'),'error','index.php');
|
||||
|
||||
break;
|
||||
|
||||
|
||||
case 'smd5':
|
||||
if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
|
||||
mt_srand((double)microtime()*1000000);
|
||||
@ -2365,6 +2379,23 @@ function password_check($cryptedpassword,$plainpassword,$attribute='userpassword
|
||||
|
||||
break;
|
||||
|
||||
#BCRYPT hashed passwords
|
||||
case 'bcrypt':
|
||||
# Check php password_verify support before using it
|
||||
if (function_exists('password_verify')) {
|
||||
$hash = base64_decode($cryptedpassword);
|
||||
if (password_verify($plainpassword, $hash)) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
|
||||
} else {
|
||||
error(_('Your PHP install does not have the password_verify() function. Cannot do Bcrypt hashes.'),'error','index.php');
|
||||
}
|
||||
|
||||
break;
|
||||
|
||||
# Salted MD5
|
||||
case 'smd5':
|
||||
# Check php mhash support before using it
|
||||
|
Loading…
Reference in New Issue
Block a user