diff --git a/tinyfilemanager.php b/tinyfilemanager.php
index d1848d95..b1891615 100644
--- a/tinyfilemanager.php
+++ b/tinyfilemanager.php
@@ -456,6 +456,24 @@ function getClientIP()
unset($p, $use_auth, $iconv_input_encoding, $use_highlightjs, $highlightjs_style);
+$password_algo_names = array('argon2i' => 'Argon2i', 'argon2id' => 'Argon2id', '2y' => 'bcrypt');
+$password_algos = array();
+if (function_exists('password_algos')) {
+ // PHP 7.4+
+ $password_algos = password_algos();
+} elseif (function_exists('password_hash')) {
+ // PHP 5.5+
+ $password_algos = array(PASSWORD_DEFAULT);
+ if (defined('PASSWORD_ARGON2I')) {
+ // PHP 7.2+
+ $password_algos[] = PASSWORD_ARGON2I;
+ }
+ if (defined('PASSWORD_ARGON2ID')) {
+ // PHP 7.3+
+ $password_algos[] = PASSWORD_ARGON2ID;
+ }
+}
+
/*************************** ACTIONS ***************************/
// Handle all AJAX Request
@@ -574,8 +592,9 @@ function getClientIP()
}
// new password hash
- if (isset($_POST['type']) && $_POST['type'] == "pwdhash") {
- $res = isset($_POST['inputPassword2']) && !empty($_POST['inputPassword2']) ? password_hash($_POST['inputPassword2'], PASSWORD_DEFAULT) : '';
+ if (isset($_POST['type']) && $_POST['type'] == "pwdhash" && !empty($password_algos)) {
+ $algo = isset($_POST['inputPassword2Algo']) && in_array($_POST['inputPassword2Algo'], $password_algos) ? $_POST['inputPassword2Algo'] : PASSWORD_DEFAULT;
+ $res = isset($_POST['inputPassword2']) && !empty($_POST['inputPassword2']) ? password_hash($_POST['inputPassword2'], $algo) : '';
echo $res;
}
@@ -1694,6 +1713,16 @@ function getSelected($l)
+
+
+
+
@@ -5486,6 +5515,7 @@ function lng($txt)
$tr['en']['Login'] = 'Sign in';
$tr['en']['Username'] = 'Username';
$tr['en']['Password'] = 'Password';
+ $tr['en']['PasswordAlgo'] = 'Password Algorithm';
$tr['en']['Logout'] = 'Sign Out';
$tr['en']['Move'] = 'Move';
$tr['en']['Copy'] = 'Copy';