Thomas Lake · Thomas Lake · Imran Hussain · Imran Hussain · Imran Hussain · Imran Hussain
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -22,15 +22,8 @@ php-syntax-check:

 js-syntax-check:
  stage: test
+  image: node:current
  script:
-   - apt-get clean
-   - apt-get update
-#   - apt-get install -y nodejs
-#   - ln -s /usr/bin/nodejs /usr/bin/node
-   - apt-get install -y curl gnupg
-   - curl -sL https://deb.nodesource.com/setup_8.x | bash -
-   - apt-get install -y nodejs
-   - apt-get install -y npm
   - npm install -g jshint        
   - find htdocs/js/ -name *.js ! -name jquery* | xargs -n 1 jshint --verbose

@@ -52,4 +45,4 @@ deploy-live:
   - curl https://sucs.org/pull.php
  only:
   - sucs-site
-  environment: live
\ No newline at end of file
+  environment: live
--- a/components/options.php
+++ b/components/options.php
@@ -5,6 +5,8 @@ require_once("../lib/validation.php");
 require_once("Net/MAC.php");
 include_once("../lib/date.php");

+// password hash, renewal functions
+include_once("../lib/member_functions.php");

 // Some Constants
 // These could possibly be moved somewhere saner?
@@ -47,7 +49,7 @@ function changePassword($oldpass, $newpass1, $newpass2)

    // if everything looks OK, attempt to make the change
    $success = ldap_mod_replace($ldap, "uid=" . $session->username . ",ou=People,dc=sucs,dc=org",
-        array('userpassword' => "{SHA}" . base64_encode(pack("H*", sha1($newpass1)))));
+        array('userpassword' => "{CRYPT}" . cryptPassword($newpass1)));

    ldap_close($ldap);
    return $success;
@@ -214,7 +216,6 @@ function updateRenew()
        return FALSE;
    }

-    include_once("../lib/member_functions.php");
    renew_membership($member['username']);
    $sucsDB->Execute("update signup set activated=NOW(), username=? where id=?", array($member['username'], $signup['id']));
    return TRUE;

--- a/lib/member_functions.php
+++ b/lib/member_functions.php
@@ -29,6 +29,19 @@ function make_password($length = 8)
    return $password;
 }

+// https://stackoverflow.com/a/44428794
+function cryptPassword($password, $salt = "", $rounds = 5000)
+{
+        if ($salt == "") {
+                // Generate random salt
+                $salt = substr(bin2hex(openssl_random_pseudo_bytes(16)),0,16);
+        }
+        // $6$ specifies SHA512
+        $hash = crypt($password, sprintf('$6$rounds=%d$%s$', $rounds, $salt));
+
+        return $hash;
+}
+
 function generateUid()
 {

@@ -63,7 +76,7 @@ function generateLdif($uid, $password, $type, $realname, $username)
    // explode the realname
    $nameexplode = explode(' ', trim($realname));
    // hash the password
-    $ldappassword = "{SHA}" . base64_encode(pack("H*", sha1($password)));
+    $ldappassword = "{CRYPT}" . cryptPassword($password);
    // compile ldif
    $ldif = "dn: uid=" . $username . ",ou=People,dc=sucs,dc=org\n";
    $ldif .= "uid: " . $username . "\n";