/**
* Get hash for string
*
* @param $string string
* @return string|false
*/
function getHash($string)
{
if (Hashing::isSupported()) {
return password_hash($string, PASSWORD_BCRYPT);
}
return false;
}
/**
* Encrypt user passwords for database storage.
* The username is used as a unique salt to make dictionary
* attacks against a compromised database more difficult.
* @param $username string username (kept for backwards compatibility)
* @param $password string unencrypted password
* @param $encryption string optional encryption algorithm to use, defaulting to the value from the site configuration
* @param $legacy boolean if true, use legacy hashing technique for backwards compatibility
* @return string encrypted password
*/
function encryptCredentials($username, $password, $encryption = false, $legacy = null)
{
if (!isset($legacy)) {
$legacy = !Hashing::isSupported();
}
if ($legacy) {
$valueToEncrypt = $username . $password;
if ($encryption == false) {
$encryption = Config::getVar('security', 'encryption');
}
switch ($encryption) {
case 'sha1':
if (function_exists('sha1')) {
return sha1($valueToEncrypt);
}
case 'md5':
default:
return md5($valueToEncrypt);
}
} else {
return Hashing::getHash($password);
}
}
