fix blowfish hashing on php >=5.3.7, see http://php.net/manual/en/function.crypt.php, fixes #1288

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>

lib/functions/system/function.makeCryptPassword.php

@@ -24,7 +24,7 @@
  *
  * 0 - default crypt (depenend on system configuration)
  * 1 - MD5 $1$
- * 2 - BLOWFISH $2a$
+ * 2 - BLOWFISH $2a$ | $2y$07$ (on php 5.3.7+)
  * 3 - SHA-256 $5$
  * 4 - SHA-512 $6$
  */
@@ -43,7 +43,16 @@ function makeCryptPassword ($password) {
 			$cryptPassword = crypt($password, '$1$' . generatePassword().  generatePassword());
 			break;
 		case 2:
-			$cryptPassword = crypt($password, '$2a$' . generatePassword().  generatePassword());
+			if (version_compare(phpversion(), '5.3.7', '<')) {
+				$cryptPassword = crypt($password, '$2a$' . generatePassword().  generatePassword());
+			} else {
+				// Blowfish hashing with a salt as follows: "$2a$", "$2x$" or "$2y$",
+				// a two digit cost parameter, "$", and 22 characters from the alphabet "./0-9A-Za-z"
+				$cryptPassword = crypt(
+					$password,
+					'$2y$07$' . substr(generatePassword().generatePassword().generatePassword(), 0, 22)
+				);
+			}
 			break;
 		case 3:
 			$cryptPassword = crypt($password, '$5$' . generatePassword().  generatePassword());