diff options
| author | Daniel Lange <DLange@git.local> | 2016-03-11 17:43:15 +0100 |
|---|---|---|
| committer | Daniel Lange <DLange@git.local> | 2016-03-11 17:43:15 +0100 |
| commit | e8e7efbd23bb56136ac538b30e73acaddda92d96 (patch) | |
| tree | f32f2257c766a0e98a3e8e504d059bf26252f312 /HTPasswdSync.module | |
| parent | 90cb364f9c7282e00afc05435fab7e62bc190d86 (diff) | |
| download | drupal_htpasswdsync-e8e7efbd23bb56136ac538b30e73acaddda92d96.tar.gz drupal_htpasswdsync-e8e7efbd23bb56136ac538b30e73acaddda92d96.tar.bz2 drupal_htpasswdsync-e8e7efbd23bb56136ac538b30e73acaddda92d96.zip | |
Add support for SHA-256-crypt and SHA-512-crypt salted hashes
Warning: Database schema change. Using varchar(128) instead of varchar(64) now.
Thanks for reading the full git log comment :)
Diffstat (limited to 'HTPasswdSync.module')
| -rw-r--r-- | HTPasswdSync.module | 30 |
1 files changed, 27 insertions, 3 deletions
diff --git a/HTPasswdSync.module b/HTPasswdSync.module index 85e835f..fd5402d 100644 --- a/HTPasswdSync.module +++ b/HTPasswdSync.module @@ -33,7 +33,7 @@ function _htpasswdsync_roles() { * @return array */ function _htpasswdsync_hashes() { - return array ('crypt' => 'crypt', 'SHA-1' => 'SHA-1'); + return array ('crypt' => 'crypt', 'SHA-1' => 'SHA-1', 'SHA-256-crypt' => 'SHA-256-crypt', 'SHA-512-crypt' => 'SHA-512-crypt'); } @@ -42,7 +42,7 @@ function _htpasswdsync_hashes() { * @return string */ function _htpasswdsync_hash() { - return variable_get('htpasswdsync_hash', 'SHA-1'); + return variable_get('htpasswdsync_hash', 'SHA-512-crypt'); } @@ -83,6 +83,21 @@ function _htpasswdsync_email_domain() { return variable_get('htpasswdsync_export_email_domain', ''); } +/** + * Returns a random (safe) string for salts + * Adopted from phpass by SolarDesigner and TimWolla on Stack Codereview + * @param int $count + * @return string + */ +function get_salt($count) { + $charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/\\][{}\'";:?.>,<!@#$%^&*()-_=+|'; + $randString = ""; + for ($i = 0; $i < $count; $i++) { + $randString .= $charset[mt_rand(0, strlen($charset) - 1)]; + } + return $randString; +} + /** * Sanitizes the user name to be htpasswd conform. Removes ":" character as it @@ -113,6 +128,15 @@ function _htpasswdsync_crypt($password) { case 'SHA-1': return '{SHA}' . base64_encode(sha1($password, TRUE)); break; + case 'SHA-256-crypt': + $salt = get_salt(16); + return '{SHA256-crypt}' . crypt($password, '$5$' . $salt . '$'); + break; + case 'SHA-512-crypt': + $salt = get_salt(16); + return '{SHA512-crypt}' . crypt($password, '$6$' . $salt . '$'); + break; + default: return _htpasswdsync_hash(); } @@ -509,7 +533,7 @@ function htpasswdsync_admin_form() { $form['htpasswdsync_hash'] = array( '#type' => 'radios', '#title' => t('password hashing algorythm'), - '#description' => t("How shall the password be hashed (crypt only available for unix, SHA1 can be used on all platforms)"), + '#description' => t("How shall the password be hashed crypt (old unix), SHA1 (insecure, not salted!), SHA-256-crypt (safe) or SHA-512-crypt (best)"), '#options' => _htpasswdsync_hashes(), '#default_value' => _htpasswdsync_hash(), ); |