Add bcrypt support.

Author: jon5477

admin/schema.php

@@ -396,7 +396,7 @@
 	username						C(32)	NOTNULL DEFAULT \" '' \",
 	realname						C(64)	NOTNULL DEFAULT \" '' \",
 	email							C(64)	NOTNULL DEFAULT \" '' \",
-	password						C(32)	NOTNULL DEFAULT \" '' \",
+	password						C(60)	NOTNULL DEFAULT \" '' \",
 	date_created					T		NOTNULL DEFAULT '" . db_null_date() . "',
 	last_visit						T		NOTNULL DEFAULT '" . db_null_date() . "',
 	enabled							L		NOTNULL DEFAULT \" '1' \",
@@ -423,7 +423,7 @@
 		cookie_string
 	)
 	VALUES (
-		'administrator', '', 'root@localhost', '63a9f0ea7bb98050796b649e85481845',
+		'administrator', '', 'root@localhost', '" . password_hash('root', PASSWORD_BCRYPT) . "',
 		$t_timestamp, $t_timestamp, '1', '0', 90,
 		3, 0, 0, '"
 		. md5( mt_rand( 0, mt_getrandmax() ) + mt_rand( 0, mt_getrandmax() ) ) . md5( time() )

core/authentication_api.php

@@ -831,6 +831,10 @@ function auth_does_password_match( $p_user_id, $p_test_password ) {
 		BASIC_AUTH,
 	);
 
+	if ( BCRYPT == $t_configured_login_method ) {
+		return password_verify( $p_test_password, $t_password );
+	}
+
 	foreach( $t_login_methods as $t_login_method ) {
 		# pass the stored password in as the salt
 		if( auth_process_plain_password( $p_test_password, $t_password, $t_login_method ) === $t_password ) {
@@ -884,6 +888,9 @@ function auth_process_plain_password( $p_password, $p_salt = null, $p_method = n
 	}
 
 	switch( $t_login_method ) {
+		case BCRYPT:
+			$t_processed_password = password_hash( $p_password, PASSWORD_BCRYPT );
+			break;
 		case CRYPT:
 
 			# a null salt is the same as no salt, which causes a salt to be generated

core/constant_inc.php

@@ -161,6 +161,7 @@
 define( 'LDAP', 4 );
 define( 'BASIC_AUTH', 5 );
 define( 'HTTP_AUTH', 6 );
+define( 'BCRYPT', 7 );
 
 # file upload methods
 define( 'DISK', 1 );