Use sha512 crypt to store ftp password hashes

bureau/class/m_ftp.php

@@ -321,7 +321,7 @@ function put_ftp_details($id, $prefixe, $login, $pass, $dir) {
                     return false; // The error has been raised by checkPolicy()
                 }
             }
-            $encrypted_password = _md5cr($pass, strrev(microtime(true)));
+            $encrypted_password = _sha512cr($pass);
             $db->query("UPDATE ftpusers SET name= ? , password='', encrypted_password= ?, homedir= ?, uid= ? WHERE id= ?;", array($full_login, $encrypted_password, $absolute, $cuid, $id));
         } else {
             $db->query("UPDATE ftpusers SET name= ? , homedir= ? , uid= ? WHERE id= ? ;", array($full_login, $absolute, $cuid, $id));
@@ -406,7 +406,7 @@ function add_ftp($prefixe, $login, $pass, $dir) {
         }
 
         if ($quota->cancreate("ftp")) {
-            $encrypted_password = _md5cr($pass, strrev(microtime(true)));
+            $encrypted_password = _sha512cr($pass);
             $db->query("INSERT INTO ftpusers (name,password, encrypted_password,homedir,uid) VALUES ( ?, '', ?, ?, ?)", array($full_login, $encrypted_password, $absolute, $cuid));
             return true;
         } else {

install/mysql.sql

@@ -129,7 +129,7 @@ CREATE TABLE IF NOT EXISTS ftpusers (
   id int(10) unsigned NOT NULL auto_increment,
   name varchar(64) NOT NULL default '',
   password varchar(32) NOT NULL default '',
-  encrypted_password VARCHAR(32) default NULL,
+  encrypted_password VARCHAR(255) default NULL,
   homedir varchar(128) NOT NULL default '',
   uid int(10) unsigned NOT NULL default '0',
   enabled boolean NOT NULL DEFAULT TRUE,

install/upgrades/3.4.11.sql

@@ -1 +1,2 @@
 ALTER TABLE `membres` MODIFY `pass` varchar(255);
+ALTER TABLE `ftpusers` MODIFY `encrypted_password` varchar(255);