Sha512 passwords

dcc4902a · Imran Hussain · 9e43fafb · dcc4902a · dcc4902a
Commit dcc4902a authored Dec 23, 2021 by Imran Hussain
--- a/components/options.php
+++ b/components/options.php
@@ -5,6 +5,8 @@ require_once("../lib/validation.php");
 require_once("Net/MAC.php");
 include_once("../lib/date.php");

+// password hash, renewal functions
+include_once("../lib/member_functions.php");

 // Some Constants
 // These could possibly be moved somewhere saner?
@@ -47,7 +49,7 @@ function changePassword($oldpass, $newpass1, $newpass2)

    // if everything looks OK, attempt to make the change
    $success = ldap_mod_replace($ldap, "uid=" . $session->username . ",ou=People,dc=sucs,dc=org",
-        array('userpassword' => "{SHA}" . base64_encode(pack("H*", sha1($newpass1)))));
+        array('userpassword' => "{CRYPT}" . cryptPassword($newpass1)));

    ldap_close($ldap);
    return $success;
@@ -214,7 +216,6 @@ function updateRenew()
        return FALSE;
    }

-    include_once("../lib/member_functions.php");
    renew_membership($member['username']);
    $sucsDB->Execute("update signup set activated=NOW(), username=? where id=?", array($member['username'], $signup['id']));
    return TRUE;

--- a/lib/member_functions.php
+++ b/lib/member_functions.php
@@ -29,6 +29,19 @@ function make_password($length = 8)
    return $password;
 }

+// https://stackoverflow.com/a/44428794
+function cryptPassword($password, $salt = "", $rounds = 5000)
+{
+        if ($salt == "") {
+                // Generate random salt
+                $salt = substr(bin2hex(openssl_random_pseudo_bytes(16)),0,16);
+        }
+        // $6$ specifies SHA512
+        $hash = crypt($password, sprintf('$6$rounds=%d$%s$', $rounds, $salt));
+
+        return $hash;
+}
+
 function generateUid()
 {

@@ -63,7 +76,7 @@ function generateLdif($uid, $password, $type, $realname, $username)
    // explode the realname
    $nameexplode = explode(' ', trim($realname));
    // hash the password
-    $ldappassword = "{SHA}" . base64_encode(pack("H*", sha1($password)));
+    $ldappassword = "{CRYPT}" . cryptPassword($password);
    // compile ldif
    $ldif = "dn: uid=" . $username . ",ou=People,dc=sucs,dc=org\n";
    $ldif .= "uid: " . $username . "\n";