Added bcrypt support for password hashes

This method require PHP 5.3+ it will fail otherwise!

1 files changed, 34 insertions, 0 deletions

diff --git a/inc/PassHash.class.php b/inc/PassHash.class.php
index 31493c022..77f2115bd 100644
--- a/inc/PassHash.class.php
+++ b/inc/PassHash.class.php
@@ -47,6 +47,9 @@ class PassHash {
         }elseif(preg_match('/^md5\$(.{5})\$/',$hash,$m)){
             $method = 'djangomd5';
             $salt   = $m[1];
+        }elseif(preg_match('/^\$2a\$(.{2})\$/',$hash,$m)){
+            $method = 'bcrypt';
+            $salt   = $hash;
         }elseif(substr($hash,0,6) == '{SSHA}'){
             $method = 'ssha';
             $salt   = substr(base64_decode(substr($hash, 6)),20);
@@ -379,4 +382,35 @@ class PassHash {
         return 'md5$'.$salt.'$'.md5($salt.$clear);
     }
 
+
+    /**
+     * Passwordhashing method 'bcrypt'
+     *
+     * Uses a modified blowfish algorithm called eksblowfish
+     * This method works on PHP 5.3+ only and will throw an exception
+     * if the needed crypt support isn't available
+     *
+     * A full hash should be given as salt (starting with $a2$) or this
+     * will break. When no salt is given, the iteration count can be set
+     * through the $compute variable.
+     *
+     * @param string $clear - the clear text to hash
+     * @param string $salt  - the salt to use, null for random
+     * @param int  $compute - the iteration count (between 4 and 31)
+     * @returns string - hashed password
+     */
+    public function hash_bcrypt($clear, $salt=null, $compute=8){
+        if(!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH != 1){
+            throw new Exception('This PHP installation has no bcrypt support');
+        }
+
+        if(is_null($salt)){
+            if($compute < 4 || $compute > 31) $compute = 8;
+            $salt = '$2a$'.str_pad($compute, 2, '0', STR_PAD_LEFT).'$'.
+                    $this->gen_salt(22);
+        }
+
+        return crypt($password, $salt);
+    }
+
 }