Merge 70d2b918c9 into 71bb892352

README.md

@@ -218,8 +218,13 @@ Please check if your config.inc.php fits the current requirements by comparing y
 
 ### Which password scheme does WebMUM use?
 
-WebMUM uses the SHA512-CRYPT password scheme, which is known as a very secure scheme these days. Support for more password schemes will be added soon.
+By default WebMUM uses SHA512-CRYPT password scheme. It cloud be change in the config file to SHA256-CRYPT or BLOWFISH-CRYPT.
 
+	 /*
+	 * Select on of the following schemas (only these are supported)
+	 * SHA-512, SHA-256, BLOWFISH
+	 */
+	define("PASS_HASH_SCHEMA", "SHA-512");
 
 ### "login/ cannot be found"
 

config/config.inc.php

@@ -55,9 +55,15 @@ $admins = array("admin@domain.tld");
 
 
 /*
- * Minimal password length
+ * Password
  */
-
+ /*
+ * Select on of the following schemas (only these are supported)
+ * SHA-512, SHA-256, BLOWFISH
+ */
+define("PASS_HASH_SCHEMA", "SHA-512");
+ 
+//minimum password length
 define("MIN_PASS_LENGTH", 8);
 
 /*

include/php/global.inc.php

@@ -74,14 +74,31 @@ function check_new_pass($pass1, $pass2){
 	}
 }
 
+function get_hash()
+{
+	switch(PASS_HASH_SCHEMA)
+	{
+		case "SHA-512":
+			return '$6$rounds=5000$';
+		break;
+		
+		case "SHA-256":
+			return '$5$rounds=5000$';
+		break;
+		
+		case "BLOWFISH":
+			return '$2a$09$';
+		break;
+	}
+}
 
 function gen_pass_hash($pass){
 	$salt = base64_encode(rand(1,1000000) + microtime());
-	$pass_hash = crypt($pass, '$6$rounds=5000$'.$salt.'$');
+	$hash_schema = get_hash();
+	$pass_hash = crypt($pass, $hash_schema.$salt.'$');
 	return $pass_hash;
 }
 
-
 function write_pass_hash_to_db($pass_hash, $uid){
 	global $db;
 	$uid = $db->escape_string($uid);