function getSalt($saltfile = 'data/salt.php') { if (!is_file($saltfile)) { file_put_contents($saltfile, '<?php /* |' . randomSalt() . '| */ ?>'); } $items = explode('|', file_get_contents($saltfile)); return $items[1]; }
/** * Code originaly from the phpLDAPadmin development team * http://phpldapadmin.sourceforge.net/ * * Hashes a password and returns the hash based on the specified enc_type. * * @param string $passwordClear The password to hash in clear text. * @param string $encodageType Standard LDAP encryption type which must be one of * crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear. * @return string The hashed password. * */ function hashPassword($passwordClear, $encodageType) { $encodageType = strtolower($encodageType); switch ($encodageType) { case 'crypt': $cryptedPassword = '******' . crypt($passwordClear, randomSalt(2)); break; case 'ext_des': // extended des crypt. see OpenBSD crypt man page. if (!defined('CRYPT_EXT_DES') || CRYPT_EXT_DES == 0) { // Your system crypt library does not support extended DES encryption. return FALSE; } $cryptedPassword = '******' . crypt($passwordClear, '_' . randomSalt(8)); break; case 'md5crypt': if (!defined('CRYPT_MD5') || CRYPT_MD5 == 0) { // Your system crypt library does not support md5crypt encryption. return FALSE; } $cryptedPassword = '******' . crypt($passwordClear, '$1$' . randomSalt(9)); break; case 'blowfish': if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH == 0) { // Your system crypt library does not support blowfish encryption. return FALSE; } // hardcoded to second blowfish version and set number of rounds $cryptedPassword = '******' . crypt($passwordClear, '$2a$12$' . randomSalt(13)); break; case 'md5': $cryptedPassword = '******' . base64_encode(pack('H*', md5($passwordClear))); break; case 'sha': if (function_exists('sha1')) { // use php 4.3.0+ sha1 function, if it is available. $cryptedPassword = '******' . base64_encode(pack('H*', sha1($passwordClear))); } elseif (function_exists('mhash')) { $cryptedPassword = '******' . base64_encode(mhash(MHASH_SHA1, $passwordClear)); } else { return FALSE; //Your PHP install does not have the mhash() function. Cannot do SHA hashes. } break; case 'ssha': if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) { mt_srand((double) microtime() * 1000000); $salt = mhash_keygen_s2k(MHASH_SHA1, $passwordClear, substr(pack('h*', md5(mt_rand())), 0, 8), 4); $cryptedPassword = '******' . base64_encode(mhash(MHASH_SHA1, $passwordClear . $salt) . $salt); } else { return FALSE; //Your PHP install does not have the mhash() function. Cannot do SHA hashes. } break; case 'smd5': if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) { mt_srand((double) microtime() * 1000000); $salt = mhash_keygen_s2k(MHASH_MD5, $passwordClear, substr(pack('h*', md5(mt_rand())), 0, 8), 4); $cryptedPassword = '******' . base64_encode(mhash(MHASH_MD5, $passwordClear . $salt) . $salt); } else { return FALSE; //Your PHP install does not have the mhash() function. Cannot do SHA hashes. } break; case 'samba': if (function_exists('hash')) { $cryptedPassword = hash('md4', rcube_charset_convert($passwordClear, RCMAIL_CHARSET, 'UTF-16LE')); $cryptedPassword = strtoupper($cryptedPassword); } else { /* Your PHP install does not have the hash() function */ return false; } break; case 'clear': default: $cryptedPassword = $passwordClear; } return $cryptedPassword; }
$conn->next_result(); $conn->use_result(); } if (!$result) { ?> <div class="box-outer top-box"> <div class="box-inner"> <div class="boxbar"><h2>There was an error when importing database!</h2></div> <div class="boxcontent"> <a href="./install.php">[ BACK ]</a> </div> </div> </div> <?php } else { $salt = $conn->real_escape_string(randomSalt(15)); $result = $conn->query("INSERT INTO users (`username`, `password`, `salt`, `group`, `boards`) VALUES ('" . $conn->real_escape_string($username) . "', '" . hash("sha512", $password . $salt) . "', '" . $salt . "', 3, '%')"); if (!$result) { ?> <div class="box-outer top-box"> <div class="box-inner"> <div class="boxbar"><h2>There was an error when creating your account!</h2></div> <div class="boxcontent"> <a href="./install.php">[ BACK ]</a> </div> </div> </div> <?php } else { $handle = fopen("./config.php", "w"); $file = '<?php' . "\n";