Added Bcrypt support (#116)

* Set minimum PHP version to 5.5.0| Bcrypt Support * Added Bcrypt hash support * Update Install.md
2020-08-30 17:28:50 +05:30 · 2020-08-30 17:28:50 +05:30 · bdfd68c3b6
parent fb437b037e
commit bdfd68c3b6
3 changed files with 34 additions and 3 deletions
--- a/INSTALL.md
+++ b/INSTALL.md
@ -5,7 +5,7 @@ For install instructions in non-English languages, see the wiki:

  phpLDAPadmin requires the following:
      a. A web server (Apache, IIS, etc).
-      b. PHP 5.0.0 or newer (with LDAP support)
+      b. PHP 5.5.0 or newer (with LDAP support)

 * To install

--- a/lib/config_default.php
+++ b/lib/config_default.php
@ -8,7 +8,7 @@
 */

 /** The minimum version of PHP required to run phpLDAPadmin. */
-define('REQUIRED_PHP_VERSION','5.0.0');
+define('REQUIRED_PHP_VERSION','5.5.0');

 /**
 * The config class contains all our configuration settings for a session.
--- a/lib/functions.php
+++ b/lib/functions.php
@ -2156,7 +2156,8 @@ function password_types() {

 	return array(
 		''=>'clear',
-		'blowfish'=>'blowfish',
+		'bcrypt'=>'bcrypt',
+                'blowfish'=>'blowfish',
 		'crypt'=>'crypt',
 		'ext_des'=>'ext_des',
 		'md5'=>'md5',
@ -2258,6 +2259,19 @@ function pla_password_hash($password_clear,$enc_type) {

 			break;

+                case 'bcrypt':
+                        $options = [
+                                    'cost' => 8,
+                                   ];
+                        #Checking if password_hash() function is available.
+                        if (function_exists('password_hash'))
+                                $new_value = sprintf('{BCRYPT}%s',base64_encode(password_hash($password_clear, PASSWORD_BCRYPT, $options)));
+                        else
+                                error(_('Your PHP install does not have the password_hash() function. Cannot do BCRYPT hashes.'),'error','index.php');
+
+                        break;
+
+
 		case 'smd5':
 			if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
 				mt_srand((double)microtime()*1000000);
@ -2364,6 +2378,23 @@ function password_check($cryptedpassword,$plainpassword,$attribute='userpassword
 			}

 			break;
+                 
+                #BCRYPT hashed passwords
+                case 'bcrypt':
+                        # Check php password_verify support before using it
+                        if (function_exists('password_verify')) {
+                                $hash = base64_decode($cryptedpassword);
+                                if (password_verify($plainpassword, $hash)) {
+                                    return true;
+                                } else {
+                                    return false;
+                                }
+
+                        } else {
+                                error(_('Your PHP install does not have the password_verify() function. Cannot do Bcrypt hashes.'),'error','index.php');
+                        }
+
+                        break;

 		# Salted MD5
 		case 'smd5':