Mysql authentication will now use PHPass rather than relying on PHP's crypt function. It takes care of salting the password and validating against user input on the password itself.
An update is done to the mysql DB to increase the password length to 60 characters. A check is done for users logging in using the old format and the details are updated to the new encryption type.
028.sql is included to take care of the db schema change.
Updated mysql auth to use PHPass
Updated session / cookie support
Removed code that was previously commented out
Updated line 54 to $output.
I've updated line 54 to $output.
Not sure the check is relevant, both openssl and urandom generate the string at the length we want, the final fall back iterates until $output is the length of $count.
I've tried to keep this as simple as possible so that updates from PHPass at a later stage can be easily done.