Add support of argon2i & argon2id password hash types

brenard · leenooks · commit 43bac5899098 · 2022-08-05T10:49:10.000+10:00
Closes pull-request #158
diff --git a/config/config.php.example b/config/config.php.example
@@ -93,6 +93,8 @@
 		'ssha512'=>'ssha512',
 		'sha256crypt'=>'sha256crypt',
 		'sha512crypt'=>'sha512crypt',
+		'argon2i'=>'argon2i',
+		'argon2id'=>'argon2id',
 	 )*/
 #  $config->custom->password['available_types'] = array(''=>'clear','md5'=>'md5');
 
diff --git a/lib/config_default.php b/lib/config_default.php
@@ -576,6 +576,8 @@ public function __construct() {
 				'ssha512'=>'ssha512',
 				'sha256crypt'=>'sha256crypt',
 				'sha512crypt'=>'sha512crypt',
+				'argon2i'=>'argon2i',
+				'argon2id'=>'argon2id',
 			));
 
 		/** Search display
diff --git a/lib/functions.php b/lib/functions.php
@@ -2299,6 +2299,20 @@ function pla_password_hash($password_clear,$enc_type) {
 
 			break;
 
+		case 'argon2i':
+			if (! defined('PASSWORD_ARGON2I'))
+				error(_('Your system does not support argon2i encryption (PHP 7.2 or upper is required).'),'error','index.php');
+			$new_value = sprintf('{ARGON2}%s',password_hash($password_clear,PASSWORD_ARGON2I));
+
+			break;
+
+		case 'argon2id':
+			if (! defined('PASSWORD_ARGON2ID'))
+				error(_('Your system does not support argon2id encryption (PHP 7.3 or upper is required).'),'error','index.php');
+			$new_value = sprintf('{ARGON2}%s',password_hash($password_clear,PASSWORD_ARGON2ID));
+
+			break;
+
 		case 'clear':
 		default:
 			$new_value = $password_clear;
@@ -2534,6 +2548,14 @@ function password_check($cryptedpassword,$plainpassword,$attribute='userpassword
 
 			break;
 
+		# Argon2 crypted passwords
+		case 'argon2':
+			if (password_verify($plainpassword, $cryptedpassword))
+				return true;
+			else
+				return false;
+			break;
+
 		# No crypt is given assume plaintext passwords are used
 		default:
 			if ($plainpassword == $cryptedpassword)
@@ -2577,6 +2599,16 @@ function get_enc_type($user_password) {
 
 		elseif (preg_match('/{[^}]+}_+/',$user_password))
 			$enc_type = 'ext_des';
+
+	}
+	elseif (strcasecmp($enc_type,'argon2') == 0) {
+
+		if (preg_match('/{ARGON2}\$argon2i\$/',$user_password))
+			$enc_type = 'argon2i';
+
+		elseif (preg_match('/{ARGON2}\$argon2id\$/',$user_password))
+			$enc_type = 'argon2id';
+
 	}
 
 	return $enc_type;
