lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix dol_hash for sha256

Browse Source
This commit is contained in:
Laurent Destailleur 2021-07-30 18:43:35 +02:00
parent 57d637ac71
commit 9c626bede4
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
htdocs/core/lib/security.lib.php
View File

@ -98,7 +98,7 @@ function dol_decode($chain, $key = '1')
* If constant MAIN_SECURITY_SALT is defined, we use it as a salt (used only if hashing algorightm is something else than 'password_hash').
*
* @param string $chain String to hash
* @param string $type Type of hash ('0':auto will use MAIN_SECURITY_HASH_ALGO else md5, '1':sha1, '2':sha1+md5, '3':md5, '4':md5 for OpenLdap with no salt, '5':sha256). Use '3' here, if hash is not needed for security purpose, for security need, prefer '0'.
* @param string $type Type of hash ('0':auto will use MAIN_SECURITY_HASH_ALGO else md5, '1':sha1, '2':sha1+md5, '3':md5, '4':md5 for OpenLdap with no salt, '5':sha256, '6':password_hash). Use '3' here, if hash is not needed for security purpose, for security need, prefer '0'.
* @return string Hash of string
* @see getRandomPassword()
*/
@ -124,8 +124,10 @@ function dol_hash($chain, $type = '0')
return md5($chain);
} elseif ($type == '4' || $type == 'md5openldap') {
return '{md5}'.base64_encode(mhash(MHASH_MD5, $chain)); // For OpenLdap with md5 (based on an unencrypted password in base)
} elseif ($type == '5') {
} elseif ($type == '5' || $type == 'sha256') {
return hash('sha256', $chain);
} elseif ($type == '6' || $type == 'password_hash') {
return password_hash($chain, PASSWORD_DEFAULT);
} elseif (!empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO == 'sha1') {
return sha1($chain);
} elseif (!empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO == 'sha1md5') {