* Support for password hashes using text, md5 and hash, fix #77.

REVISION.md

@@ -8,6 +8,7 @@ Revision history
 v0.7.0.x (latest)
 -------------------------------------
 
+* Support for password hashes using `text`, `md5` and `hash`, fix #77.
 * Using `CWhitelist` for checking hotlinking to images, fix #88.
 * Added mode for `test` which enables logging verbose mode to file, fix #97.
 * Improved codestyle and added `phpcs.xml` to start using phpcs to check code style, fix #95.

webroot/img.php

@@ -229,20 +229,27 @@ if ($defaultTimezone) {
  */
 $pwdConfig   = getConfig('password', false);
 $pwdAlways   = getConfig('password_always', false);
+$pwdType     = getConfig('password_type', 'text');
 $pwd         = get(array('password', 'pwd'), null);
 
 // Check if passwords match, if configured to use passwords
-$passwordMatch = null;
-if ($pwdAlways) {
-
-    $passwordMatch = ($pwdConfig === $pwd);
-    if (!$passwordMatch) {
-        errorPage("Password required and does not match or exists.");
+$passwordMatch = false;
+if ($pwd) {
+    switch($pwdType) {
+        case 'md5':
+            $passwordMatch = ($pwdConfig === md5($pwd));
+            break;
+        case 'hash':
+            $passwordMatch = password_verify($pwd, $pwdConfig);
+            break;
+        case 'text':
+            $passwordMatch = ($pwdConfig === $pwd);
+            break;
     }
+}
 
-} elseif ($pwdConfig && $pwd) {
-
-    $passwordMatch = ($pwdConfig === $pwd);
+if ($pwdAlways && $passwordMatch !== true) {
+    errorPage("Password required and does not match or exists.");
 }
 
 verbose("password match = $passwordMatch");

webroot/img_config.php

@@ -51,12 +51,19 @@ return array(
     * Passwords are only used together with the options for remote download
     * and aliasing.
     *
+    * Create a passwords like this, depending on the type used:
+    *  text: 'my_password'
+    *  md5:  md5('my_password')
+    *  hash: password_hash('my_password', PASSWORD_DEFAULT)
+    *
     * Default values.
-    *  password:        false // as in do not use password
-    *  password_always: false // do not always require password,
+    *  password_always: false  // do not always require password,
+    *  password:        false  // as in do not use password
+    *  password_type:   'text' // use plain password, not encoded,
     */
-    //'password'        => false, // "secret-password",
     //'password_always' => false, // always require password,
+    //'password'        => false, // "secret-password",
+    //'password_type'   => 'text', // supports 'text', 'md5', 'hash',
 
 
 

webroot/imgd.php

@@ -3322,20 +3322,27 @@ if ($defaultTimezone) {
  */
 $pwdConfig   = getConfig('password', false);
 $pwdAlways   = getConfig('password_always', false);
+$pwdType     = getConfig('password_type', 'text');
 $pwd         = get(array('password', 'pwd'), null);
 
 // Check if passwords match, if configured to use passwords
-$passwordMatch = null;
-if ($pwdAlways) {
-
-    $passwordMatch = ($pwdConfig === $pwd);
-    if (!$passwordMatch) {
-        errorPage("Password required and does not match or exists.");
+$passwordMatch = false;
+if ($pwd) {
+    switch($pwdType) {
+        case 'md5':
+            $passwordMatch = ($pwdConfig === md5($pwd));
+            break;
+        case 'hash':
+            $passwordMatch = password_verify($pwd, $pwdConfig);
+            break;
+        case 'text':
+            $passwordMatch = ($pwdConfig === $pwd);
+            break;
     }
+}
 
-} elseif ($pwdConfig && $pwd) {
-
-    $passwordMatch = ($pwdConfig === $pwd);
+if ($pwdAlways && $passwordMatch !== true) {
+    errorPage("Password required and does not match or exists.");
 }
 
 verbose("password match = $passwordMatch");

webroot/imgp.php

@@ -3322,20 +3322,27 @@ if ($defaultTimezone) {
  */
 $pwdConfig   = getConfig('password', false);
 $pwdAlways   = getConfig('password_always', false);
+$pwdType     = getConfig('password_type', 'text');
 $pwd         = get(array('password', 'pwd'), null);
 
 // Check if passwords match, if configured to use passwords
-$passwordMatch = null;
-if ($pwdAlways) {
-
-    $passwordMatch = ($pwdConfig === $pwd);
-    if (!$passwordMatch) {
-        errorPage("Password required and does not match or exists.");
+$passwordMatch = false;
+if ($pwd) {
+    switch($pwdType) {
+        case 'md5':
+            $passwordMatch = ($pwdConfig === md5($pwd));
+            break;
+        case 'hash':
+            $passwordMatch = password_verify($pwd, $pwdConfig);
+            break;
+        case 'text':
+            $passwordMatch = ($pwdConfig === $pwd);
+            break;
     }
+}
 
-} elseif ($pwdConfig && $pwd) {
-
-    $passwordMatch = ($pwdConfig === $pwd);
+if ($pwdAlways && $passwordMatch !== true) {
+    errorPage("Password required and does not match or exists.");
 }
 
 verbose("password match = $passwordMatch");

webroot/imgs.php

@@ -3322,20 +3322,27 @@ if ($defaultTimezone) {
  */
 $pwdConfig   = getConfig('password', false);
 $pwdAlways   = getConfig('password_always', false);
+$pwdType     = getConfig('password_type', 'text');
 $pwd         = get(array('password', 'pwd'), null);
 
 // Check if passwords match, if configured to use passwords
-$passwordMatch = null;
-if ($pwdAlways) {
-
-    $passwordMatch = ($pwdConfig === $pwd);
-    if (!$passwordMatch) {
-        errorPage("Password required and does not match or exists.");
+$passwordMatch = false;
+if ($pwd) {
+    switch($pwdType) {
+        case 'md5':
+            $passwordMatch = ($pwdConfig === md5($pwd));
+            break;
+        case 'hash':
+            $passwordMatch = password_verify($pwd, $pwdConfig);
+            break;
+        case 'text':
+            $passwordMatch = ($pwdConfig === $pwd);
+            break;
     }
+}
 
-} elseif ($pwdConfig && $pwd) {
-
-    $passwordMatch = ($pwdConfig === $pwd);
+if ($pwdAlways && $passwordMatch !== true) {
+    errorPage("Password required and does not match or exists.");
 }
 
 verbose("password match = $passwordMatch");