From 56cbd2f8b4fc053b60fe76784f119a40a2e36f5d Mon Sep 17 00:00:00 2001
From: Kienan Stewart
Date: Mon, 16 Apr 2018 22:35:41 -0400
Subject: [PATCH] Move the sha512 crypt hash into it's own function
---
bureau/class/functions.php | 40 ++++++++++++++++++++++++--------------
1 file changed, 25 insertions(+), 15 deletions(-)
diff --git a/bureau/class/functions.php b/bureau/class/functions.php
index dea5fc5f..0fe4f259 100755
--- a/bureau/class/functions.php
+++ b/bureau/class/functions.php
@@ -1205,30 +1205,40 @@ function csrf_check($token=null) {
 }
 
 /**
- * Create a password hash for use with dovecot.
+ * Create a SHA512-CRYPT hash of a string.
 */
-function _dovecot_hash($password) {
- // Aim to have a 16 character salt for SHA-512 crypt.
- // @see https://secure.php.net/manual/en/function.crypt.php
- if (function_exists('random_bytes')) {
- // PHP >= 7.0
- $salt = base64_encode(random_bytes(12));
- }
- else if (function_exists('mcrypt_create_iv')) {
- $salt = base64_encode(mcrypt_create_iv(12, MCRYPT_DEV_URANDOM));
- }
- else if (function_exists('')) {
- $salt = base64_encode(openssl_random_pseudo_bytes(12));
- }
+function _sha512cr($password, $salt = NULL) {
 if (!$salt) {
- throw Error('Unable to generate salt');
+ // Aim to have a 16 character salt for SHA-512 crypt.
+ // @see https://secure.php.net/manual/en/function.crypt.php
+ if (function_exists('random_bytes')) {
+ // PHP >= 7.0
+ $salt = base64_encode(random_bytes(12));
+ }
+ else if (function_exists('mcrypt_create_iv')) {
+ $salt = base64_encode(mcrypt_create_iv(12, MCRYPT_DEV_URANDOM));
+ }
+ else if (function_exists('')) {
+ $salt = base64_encode(openssl_random_pseudo_bytes(12));
+ }
+ if (!$salt) {
+ throw Error('Unable to generate salt');
+ }
 }
 $salt = '$6$rounds=20000$' . $salt;
 $hash = crypt($password, $salt);
+ return $hash;
+}
+
+/**
+ * Create a password hash for use with dovecot.
+ */
+function _dovecot_hash($password) {
 // In any case the final password saved for dovecot can store the
 // scheme to override the default on a per-account basis.
 // Ideally this is updated to bcrypt or argon2 when those become
 // available in dovecot.
 // @see https://wiki.dovecot.org/Authentication/PasswordSchemes
+ $hash = _sha512cr($password);
 return '{SHA512-CRYPT}' . $hash;
 }
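Review bot: The salt fallback chain moved into `_sha512cr()` still has two defects carried over from the old `_dovecot_hash()`: `function_exists('')` can never be true, so the `openssl_random_pseudo_bytes` branch is dead code, and `throw Error('Unable to generate salt');` lacks `new`, so PHP tries to call a function named `Error` and stops with an undefined-function fatal instead of raising a catchable exception. On an interpreter with neither `random_bytes` nor `mcrypt_create_iv`, every call that needs a fresh salt would therefore abort; that fails closed, but with a misleading error. I would change the two lines to `else if (function_exists('openssl_random_pseudo_bytes')) {` and `throw new Exception('Unable to generate salt');`. Since `$salt` is now a caller-supplied parameter, the docblock should also state that it is the bare salt (the `$6$rounds=20000$` prefix is always prepended, and `if (!$salt)` treats `'0'` as absent) and that the return value of `crypt()` is handed back unchecked.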