Add option to list available password types - closes #143

2021-12-01 14:10:16 +01:00 · 2021-12-01 14:10:16 +01:00 · a8c9abe22b
commit a8c9abe22b
parent 1c7340ce48
3 changed files with 50 additions and 21 deletions
--- a/config/config.php.example
+++ b/config/config.php.example
@ -71,6 +71,31 @@
   environments. */
 #  $config->custom->password['no_random_crypt_salt'] = true;

+/* If you want to restrict password available types (encryption algorithms)
+	 Should be subset of:
+	 array(
+		''=>'clear',
+		'bcrypt'=>'bcrypt',
+		'blowfish'=>'blowfish',
+		'crypt'=>'crypt',
+		'ext_des'=>'ext_des',
+		'md5'=>'md5',
+		'k5key'=>'k5key',
+		'md5crypt'=>'md5crypt',
+		'sha'=>'sha',
+		'smd5'=>'smd5',
+		'ssha'=>'ssha',
+		'sha256'=>'sha256',
+		'ssha256'=>'ssha256',
+		'sha384'=>'sha384',
+		'ssha384'=>'ssha384',
+		'sha512'=>'sha512',
+		'ssha512'=>'ssha512',
+		'sha256crypt'=>'sha256crypt',
+		'sha512crypt'=>'sha512crypt',
+	 )*/
+#  $config->custom->password['available_types'] = array(''=>'clear','md5'=>'md5');
+
 /* PHP script timeout control. If php runs longer than this many seconds then
   PHP will stop with an Maximum Execution time error. Increase this value from
   the default if queries to your LDAP server are slow. The default is either
--- a/lib/config_default.php
+++ b/lib/config_default.php
@ -554,6 +554,30 @@ class Config {
 			'desc'=>'Disable random salt for crypt()',
 			'default'=>false);

+		$this->default->password['available_types'] = array(
+			'desc'=>'List of available password types used for encryption',
+			'default'=>array(
+				''=>'clear',
+				'bcrypt'=>'bcrypt',
+				'blowfish'=>'blowfish',
+				'crypt'=>'crypt',
+				'ext_des'=>'ext_des',
+				'md5'=>'md5',
+				'k5key'=>'k5key',
+				'md5crypt'=>'md5crypt',
+				'sha'=>'sha',
+				'smd5'=>'smd5',
+				'ssha'=>'ssha',
+				'sha256'=>'sha256',
+				'ssha256'=>'ssha256',
+				'sha384'=>'sha384',
+				'ssha384'=>'ssha384',
+				'sha512'=>'sha512',
+				'ssha512'=>'ssha512',
+				'sha256crypt'=>'sha256crypt',
+				'sha512crypt'=>'sha512crypt',
+			));
+
 		/** Search display
 		 * By default, when searching you may display a list or a table of results.
 		 * Set this to 'table' to see table formatted results.
--- a/lib/functions.php
+++ b/lib/functions.php
@ -2148,27 +2148,7 @@ function password_types() {
 	if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
 		debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);

-	return array(
-		''=>'clear',
-		'bcrypt'=>'bcrypt',
-		'blowfish'=>'blowfish',
-		'crypt'=>'crypt',
-		'ext_des'=>'ext_des',
-		'md5'=>'md5',
-		'k5key'=>'k5key',
-		'md5crypt'=>'md5crypt',
-		'sha'=>'sha',
-		'smd5'=>'smd5',
-		'ssha'=>'ssha',
-		'sha256'=>'sha256',
-		'ssha256'=>'ssha256',
-		'sha384'=>'sha384',
-		'ssha384'=>'ssha384',
-		'sha512'=>'sha512',
-		'ssha512'=>'ssha512',
-		'sha256crypt'=>'sha256crypt',
-		'sha512crypt'=>'sha512crypt',
-	);
+	return $_SESSION[APPCONFIG]->getValue('password', 'available_types');
 }

 /**