Move the sha512 crypt hash into it's own function

2018-04-16 22:35:41 -04:00 · 2018-04-16 22:35:41 -04:00 · 56cbd2f8b4
parent 294397e10f
commit 56cbd2f8b4
1 changed files with 25 additions and 15 deletions
--- a/bureau/class/functions.php
+++ b/bureau/class/functions.php
@ -1205,9 +1205,10 @@ function csrf_check($token=null) {
 }

 /**
- * Create a password hash for use with dovecot.
+ * Create a SHA512-CRYPT hash of a string.
 */
-function _dovecot_hash($password) {
+function _sha512cr($password, $salt = NULL) {
+    if (!$salt) {
        // Aim to have a 16 character salt for SHA-512 crypt.
        // @see https://secure.php.net/manual/en/function.crypt.php
        if (function_exists('random_bytes')) {
@ -1223,12 +1224,21 @@ function _dovecot_hash($password) {
        if (!$salt) {
            throw Error('Unable to generate salt');
        }
+    }
    $salt = '$6$rounds=20000$' . $salt;
    $hash = crypt($password, $salt);
+    return $hash;
+}
+
+/**
+ * Create a password hash for use with dovecot.
+ */
+function _dovecot_hash($password) {
    // In any case the final password saved for dovecot can store the
    // scheme to override the default on a per-account basis.
    // Ideally this is updated to bcrypt or argon2 when those become
    // available in dovecot.
    // @see https://wiki.dovecot.org/Authentication/PasswordSchemes
+    $hash = _sha512cr($password);
    return '{SHA512-CRYPT}' . $hash;
 }