From 1754ad4320f0f7371f9136eea4fb7003e75de8bb Mon Sep 17 00:00:00 2001
From: Alain Lamar
Date: Mon, 13 Oct 2014 22:54:28 +0200
Subject: [PATCH] * altered generate_pw_hash to produce SHA-512 hashes (unix type 6) * altered is_pw_correct to check against the old and against the new hashes. Backward compatibility is preserved.
---
 cms/includes/functions.admin.inc.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/cms/includes/functions.admin.inc.php b/cms/includes/functions.admin.inc.php
index 570ef14..5616be2 100644
--- a/cms/includes/functions.admin.inc.php
+++ b/cms/includes/functions.admin.inc.php
@@ -7,9 +7,11 @@
 */
 function generate_pw_hash($pw)
 {
- $salt = random_string(10,'0123456789abcdef');
- $salted_hash = sha1($pw.$salt);
- $hash_with_salt = $salted_hash.$salt;
+ #$salt = random_string(10,'0123456789abcdef');
+ #$salted_hash = sha1($pw.$salt);
+ #$hash_with_salt = $salted_hash.$salt;
+ $salt = random_string(16);
+ $hash_with_salt = crypt($pw, '$6$rounds=5000$'.$salt.'$');
 return $hash_with_salt;
 }
@@ -29,6 +31,7 @@ function is_pw_correct($pw,$hash)
 if(sha1($pw.$salt)==$salted_hash) return true;
 else return false;
 }
+ elseif(crypt($pw, $hash) == $hash) return true;
 else return false;
 }
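Review bot: The new `crypt()` call in `generate_pw_hash` stores whatever `crypt()` returns without checking it, and on failure that is a short marker string (`*0`/`*1`) rather than a hash, so a rejected salt would leave the account with an unusable stored value. `random_string()` is defined outside this hunk; if it draws from `rand()`/`mt_rand()` or can emit characters outside `./0-9A-Za-z`, the salt is either predictable or not accepted by the SHA-512 scheme, which is worth confirming. `rounds=5000` is the scheme's default cost, so spelling it out adds no extra work factor. Where PHP 5.5+ is available, `return password_hash($pw, PASSWORD_DEFAULT);` takes over salt generation and cost selection, and the three commented-out SHA-1 lines can simply be deleted since the history keeps them.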
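Review bot: The added branch `elseif(crypt($pw, $hash) == $hash) return true;` compares hashes with loose `==`, which is neither type-strict nor constant-time; `hash_equals($hash, crypt($pw, $hash))` (PHP 5.6+) or at minimum `===` would be the safer comparison. Accounts that still carry the legacy SHA-1 format keep it indefinitely, because nothing in the visible lines re-hashes after a successful legacy login; the caller could store `generate_pw_hash($pw)` whenever the old branch matches. The start of `is_pw_correct` lies outside the hunk, so how `$hash` is routed to each branch cannot be confirmed from here.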