/**
 * Produce a bcrypt hash of a string through PHP's password_hash().
 *
 * password_hash() picks a fresh random salt on every call, so two calls with
 * the same input return different strings; a stored hash has to be checked
 * with password_verify(), not by hashing again and comparing.
 * bcrypt only considers the first 72 bytes of the input.
 *
 * @param $string string value to hash
 * @return string|false the hash, or false when Hashing::isSupported() reports
 *  that this hashing method is unavailable
 */
function getHash($string) {
	// Guard first: without support there is nothing to compute.
	if (!Hashing::isSupported()) {
		return false;
	}

	return password_hash($string, PASSWORD_BCRYPT);
}
/**
 * Hash a user password for database storage.
 * Despite the name, the result is a one-way hash, not reversible encryption.
 *
 * Two paths exist:
 *  - Non-legacy: the password alone is passed to Hashing::getHash();
 *    $username and $encryption are not used.
 *  - Legacy: a single md5() or sha1() over the username concatenated with
 *    the password. The username is the only salt and both algorithms are
 *    fast, so a leaked database is cheap to attack offline. This path only
 *    reproduces the hashes already stored by older installations.
 *    NOTE(review): callers presumably re-hash through the non-legacy path
 *    after a successful legacy match; confirm at the call sites.
 *
 * @param $username string username (only used by the legacy path)
 * @param $password string plain-text password
 * @param $encryption string optional legacy algorithm ('sha1' or 'md5'); when falsy the value of the 'encryption' setting in the 'security' configuration section is used
 * @param $legacy boolean if true, use the legacy technique; if null, it is used only when Hashing::isSupported() is false
 * @return string hashed password; the non-legacy path returns whatever Hashing::getHash() returns
 *  (NOTE(review): if that can be false when $legacy is forced to false on an unsupported platform, callers must handle it; confirm)
 */
function encryptCredentials($username, $password, $encryption = false, $legacy = null) {
	// No explicit choice from the caller: fall back to legacy only when the
	// modern hashing method is unavailable.
	if ($legacy === null) {
		$legacy = !Hashing::isSupported();
	}

	if (!$legacy) {
		return Hashing::getHash($password);
	}

	// Legacy scheme: username and password are joined before hashing.
	$saltedPassword = $username . $password;
	$algorithm = $encryption ? $encryption : Config::getVar('security', 'encryption');

	// Loose comparison on purpose: it mirrors how a switch statement matches.
	if ($algorithm == 'sha1' && function_exists('sha1')) {
		return sha1($saltedPassword);
	}

	// 'md5', any unknown value, and a missing sha1() all end up here.
	return md5($saltedPassword);
}