FileRUN - Web based document flow management system

Encrypting the passwords

From FileRun Documentation

To store the users passwords encrypted in the MySQL database, one of the following configuration directive sets needs to be included inside the file "/path-to-filerun/customizables/config.php".

Please note that once a password encryption is configured, the FileRun users will no longer be able to use the password recovery feature.

MD5 Encrypting 

 
$config['system']['passwords_encryption'] = array(
	"encode_function" => "md5",
	"compare_function" => "compare_passwords_md5"
);
 
function compare_passwords_md5($readablePass, $encodedPass) {
	return (md5($readablePass) == $encodedPass);
}
 

After setting the encryption method, you can use the following MySQL query to encrypt the existing passwords: 

UPDATE `df_users` SET password=MD5(password)


SSHA Encrypting (To be used when importing users from LDAP) 

 
$config['system']['passwords_encryption'] = array(
	"encode_function" => "encode_password_ssha",
	"compare_function" => "compare_passwords_ssha"
);
 
function encode_password_ssha($pass) {
	mt_srand((double)microtime()*1000000);
	$salt = pack("CCCC", mt_rand(), mt_rand(), mt_rand(), mt_rand());
	return "{SSHA}".base64_encode(pack("H*", sha1($pass . $salt)).$salt);
}
function compare_passwords_ssha($readablePass, $encodedPass) {
	$ohash = base64_decode(substr($encodedPass,6));
	$osalt = substr($ohash,20);
	$ohash = substr($ohash,0,20);
	$nhash = pack("H*",sha1($readablePass.$osalt));
	return ($ohash == $nhash);
}
 
Retrieved from "http://docs.filerun.com/index.php?title=Encrypting_the_passwords"