[SECURITY] keep up with modern password hashing standards

inc/mod/pages.php

@@ -1734,9 +1734,8 @@ function mod_user($uid) {
 		}
 		
 		if ($_POST['password'] != '') {
-			$salt = generate_salt();
-			$password = hash('sha256', $salt . sha1($_POST['password']));
-			
+			list($salt, $password) = crypt_password($_POST['password']);
+
 			$query = prepare('UPDATE ``mods`` SET `password` = :password, `salt` = :salt WHERE `id` = :id');
 			$query->bindValue(':id', $uid);
 			$query->bindValue(':password', $password);
@@ -1761,8 +1760,7 @@ function mod_user($uid) {
 	
 	if (hasPermission($config['mod']['change_password']) && $uid == $mod['id'] && isset($_POST['password'])) {
 		if ($_POST['password'] != '') {
-			$salt = generate_salt();
-			$password = hash('sha256', $salt . sha1($_POST['password']));
+			list($salt, $password) = crypt_password($_POST['password']);
 
 			$query = prepare('UPDATE ``mods`` SET `password` = :password, `salt` = :salt WHERE `id` = :id');
 			$query->bindValue(':id', $uid);
@@ -1834,8 +1832,7 @@ function mod_user_new() {
 		if (!isset($config['mod']['groups'][$type]) || $type == DISABLED)
 			error(sprintf($config['error']['invalidfield'], 'type'));
 		
-		$salt = generate_salt();
-		$password = hash('sha256', $salt . sha1($_POST['password']));
+		list($salt, $password) = crypt_password($_POST['password']);
 		
 		$query = prepare('INSERT INTO ``mods`` VALUES (NULL, :username, :password, :salt, :type, :boards)');
 		$query->bindValue(':username', $_POST['username']);