use new functions seed_pass_hash() and seed_pass_verify()

inc/inc.ClassDbAuthentication.php

@@ -58,7 +58,7 @@ class SeedDMS_DbAuthentication extends SeedDMS_Authentication {
 			// Check if password matches (if not a guest user)
 			// Assume that the password has been sent via HTTP POST. It would be careless
 			// (and dangerous) for passwords to be sent via GET.
-			if (md5($password) != $user->getPwd()) {
+			if (!seed_pass_verify($password, $user->getPwd())) {
 				/* if counting of login failures is turned on, then increment its value */
 				if($settings->_loginFailure) {
 					$failures = $user->addLoginFailure();

op/op.ChangePassword.php

@@ -54,7 +54,7 @@ if (empty($newpassword) || empty($newpasswordrepeat) || $newpassword != $newpass
 
 $user = $dms->checkPasswordRequest($hash);
 if($user) {
-	$user->setPwd(md5($newpassword));
+	$user->setPwd(seed_pass_hash($newpassword));
 	$dms->deletePasswordRequest($hash);
 	header('Location: ../out/out.Login.php');
 	exit;

op/op.EditUserData.php

@@ -46,7 +46,7 @@ if(isset($_POST["theme"]))
 	$mytheme  = $_POST["theme"];
 $current_pwd  = $_POST["currentpwd"];
 
-if($user->getPwd() != md5($current_pwd)) {
+if(!seed_pass_verify($current_pwd, $user->getPwd())) {
 	UI::exitError(getMLText("edit_user_details"),getMLText("password_wrong"));
 }
 
@@ -61,14 +61,14 @@ if (isset($_POST["pwd"]) && ($_POST["pwd"] != "")) {
 				if ($current_pwd == $_POST["pwd"]) // history doesn't have the initial pw stored yet
 					UI::exitError(getMLText("set_password"),getMLText("password_already_used"));
 				$phm = new SeedDMS_PasswordHistoryManager($db);
-				$oldpwd = $phm->search($user, md5($_POST["pwd"]));
+				$oldpwd = $phm->search($user, seed_pass_hash($_POST["pwd"]));
 				if($oldpwd) {
 					UI::exitError(getMLText("set_password"),getMLText("password_already_used"));
 				} else {
-					$phm->add($user, md5($_POST["pwd"]));
+					$phm->add($user, seed_pass_hash($_POST["pwd"]));
 				}
 			}
-			$user->setPwd(md5($_POST["pwd"]));
+			$user->setPwd(seed_pass_hash($_POST["pwd"]));
 			$user->setPwdExpiration(date('Y-m-d H:i:s', time()+$settings->_passwordExpiration*86400));
 		} else {
 			UI::exitError(getMLText("set_password"),getMLText("password_strength_insuffient"));
@@ -76,14 +76,14 @@ if (isset($_POST["pwd"]) && ($_POST["pwd"] != "")) {
 	} else {
 		if($settings->_passwordHistory > 0) {
 			$phm = new SeedDMS_PasswordHistoryManager($db);
-			$oldpwd = $phm->search($user, md5($_POST["pwd"]));
+			$oldpwd = $phm->search($user, seed_pass_hash($_POST["pwd"]));
 			if($oldpwd) {
 				UI::exitError(getMLText("set_password"),getMLText("password_already_used"));
 			} else {
-				$phm->add($user, md5($_POST["pwd"]));
+				$phm->add($user, seed_pass_hash($_POST["pwd"]));
 			}
 		}
-		$user->setPwd(md5($_POST["pwd"]));
+		$user->setPwd(seed_pass_hash($_POST["pwd"]));
 		$user->setPwdExpiration(date('Y-m-d H:i:s', time()+$settings->_passwordExpiration*86400));
 	}
 }

op/op.UsrMgr.php

@@ -68,7 +68,7 @@ if ($action == "adduser") {
 		UI::exitError(getMLText("admin_tools"),getMLText("user_exists"));
 	}
 
-	$newUser = $dms->addUser($login, md5($pwd), $name, $email, $settings->_language, $settings->_theme, $comment, $role, $isHidden, $isDisabled, $pwdexpiration, $quota, $homefolder);
+	$newUser = $dms->addUser($login, seed_pass_hash($pwd), $name, $email, $settings->_language, $settings->_theme, $comment, $role, $isHidden, $isDisabled, $pwdexpiration, $quota, $homefolder);
 	if ($newUser) {
 
 		/* Set user image if uploaded */
@@ -367,7 +367,7 @@ else if ($action == "edituser") {
 		$editedUser->setPwd('');
 	} else {
 		if (isset($pwd) && ($pwd != "")) {
-			$editedUser->setPwd(md5($pwd));
+			$editedUser->setPwd(seed_pass_hash($pwd));
 		}
 	}
 	if ($editedUser->getFullName() != $name)