maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

use bcrypt hash algorithms for htpasswd password hashing instead of the old SHA1

Browse Source 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2023-02-17 10:00:08 +01:00
parent a464d8cb19
commit 88f76e4355
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/Froxlor/System/Crypt.php
View File

@@ -220,7 +220,7 @@ class Crypt
* Make encrypted password from clear text password * Make encrypted password from clear text password
* *
* @param string $password Password to be encrypted * @param string $password Password to be encrypted
* @param bool $htpasswd optional whether to generate a SHA1 password for directory protection * @param bool $htpasswd optional whether to generate a bcrypt password for directory protection
* @param bool $ftpd optional generates sha256 password strings for proftpd/pureftpd * @param bool $ftpd optional generates sha256 password strings for proftpd/pureftpd
* *
* @return string encrypted password * @return string encrypted password
@@ -232,8 +232,8 @@ class Crypt
// sha256 compatible for proftpd and pure-ftpd // sha256 compatible for proftpd and pure-ftpd
return crypt($password, '$5$' . self::generatePassword(16, true) . '$'); return crypt($password, '$5$' . self::generatePassword(16, true) . '$');
} }
// sha1 hash for dir-protection // bcrypt hash for dir-protection
return '{SHA}' . base64_encode(sha1($password, true)); return password_hash($password, PASSWORD_BCRYPT);
} }
// crypt using the specified crypt-algorithm or system default // crypt using the specified crypt-algorithm or system default
$algo = Settings::Get('system.passwordcryptfunc') !== null ? Settings::Get('system.passwordcryptfunc') : PASSWORD_DEFAULT; $algo = Settings::Get('system.passwordcryptfunc') !== null ? Settings::Get('system.passwordcryptfunc') : PASSWORD_DEFAULT;