Index: branches/2.8.x/CHANGELOG
===================================================================
--- branches/2.8.x/CHANGELOG	(revision 1929)
+++ branches/2.8.x/CHANGELOG	(revision 1930)
@@ -11,6 +11,8 @@
 ! = Update/Change
 ===============================================================================
 
+09 Jul-2013 Build 1930 Werner v.d.Decken(DarkViper)
+! implement class Password and activate it
 21 Jun-2013 Build 1929 Werner v.d.Decken(DarkViper)
 ! added new method to class Translate. it gives posibility to handle translations with additional replacements.
 20 Jun-2013 Build 1928 Werner v.d.Decken(DarkViper)
Index: branches/2.8.x/wb/upgrade-script.php
===================================================================
--- branches/2.8.x/wb/upgrade-script.php	(revision 1929)
+++ branches/2.8.x/wb/upgrade-script.php	(revision 1930)
@@ -577,6 +577,17 @@
 
     $aDebugMessage[] = (db_update_key_value( 'settings', $cfg ) ? " $OK<br />" : " $FAIL!<br />");
 
+	/**********************************************************
+	 *  - Adding password settings to settings table
+	 */
+	$aDebugMessage[] = "<span>Adding/updating password settings to settings table</span>";
+	$cfg = array();
+	$cfg['password_crypt_loops'] = (defined('PASSWORD_CRYPT_LOOPS') ? PASSWORD_CRYPT_LOOPS : '12');
+	$cfg['password_hash_type'] = (defined('PASSWORD_HASH_TYPES') ? PASSWORD_HASH_TYPES : 'false');
+	$cfg['password_length'] = (defined('PASSWORD_LENGTH') ? PASSWORD_LENGTH : '10');
+	$cfg['password_use_types'] = (defined('PASSWORD_USE_TYPES') ? PASSWORD_USE_TYPES : (int)0xFFFF);
+    $aDebugMessage[] = (db_update_key_value( 'settings', $cfg ) ? " $OK<br />" : " $FAIL!<br />");
+
 if($bDebugModus) {
     echo implode(PHP_EOL,$aDebugMessage);
 }
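Review bot: The default written for `password_hash_type` is the string `'false'`, and PHP casts that non-empty string to boolean true. `Password::setHashType()` in this commit applies `(boolean)$bPortableHashes`, so if the stored value reaches it unconverted it would select the portable MD5 scheme rather than the automatic one. Storing `'0'`/`'1'`, or converting explicitly where the setting is read, avoids that. The lookup also tests `PASSWORD_HASH_TYPES` (plural) while the key is `password_hash_type`; if constants are derived from setting names, which is not visible in this hunk, the `defined()` check never matches and each upgrade run resets the value to the default.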
Index: branches/2.8.x/wb/include/phpass/PasswordHash.php
===================================================================
--- branches/2.8.x/wb/include/phpass/PasswordHash.php	(revision 1929)
+++ branches/2.8.x/wb/include/phpass/PasswordHash.php	(revision 1930)
@@ -27,11 +27,11 @@
  */
 
 class PasswordHash {
-	private $itoa64;
-	private $itoa64BlowFish;
-	private $iteration_count_log2;
-	private $portable_hashes;
-	private $random_state;
+	protected $itoa64;
+	protected $itoa64BlowFish;
+	protected $random_state;
+	protected $iteration_count_log2;
+	protected $portable_hashes;
 
 	public function __construct($iteration_count_log2, $portable_hashes)
 	{
@@ -154,9 +154,8 @@
  */
 	private function gensalt_sha($input, $sType = 'SHA512')
 	{
-		$iType = ($sType === 'SHA512') ? 6 : (($sType === 'SHA256') ? 5 : 6);
-		$iIterations = pow(2, $this->iteration_count_log2);
-		$iIterations = min(max($iIterations, 10000), 999999999);
+		$iType = ($sType === 'SHA256' ? 5 : 6);
+		$iIterations = min(max(pow(2, $this->iteration_count_log2), 10000), 999999999);
 		$output = '$'.(string)$iType.'$rounds='.(string)$iIterations.'$';
 		$output .= $this->encode64($input, 16);
 		return $output;
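Review bot: The clamp on `$iIterations` needs a comment, because it makes the configured exponent ineffective at both ends: every `iteration_count_log2` up to 13 yields `rounds=10000`, and 30 or 31 yield `rounds=999999999`, at which a single hash or login check would take a very long time. `Password::CRYPT_LOOPS_MAX` is 31 in this commit, so that upper bound is reachable from configuration. I would add `// rounds = 2^log2 clamped to [10000, 999999999]; log2 <= 13 all map to 10000` above the line and consider a lower ceiling for the SHA variants. The docblock of gensalt_sha starts outside the hunk.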
Index: branches/2.8.x/wb/admin/interface/version.php
===================================================================
--- branches/2.8.x/wb/admin/interface/version.php	(revision 1929)
+++ branches/2.8.x/wb/admin/interface/version.php	(revision 1930)
@@ -51,5 +51,5 @@
 
 // check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
 if(!defined('VERSION')) define('VERSION', '2.8.3');
-if(!defined('REVISION')) define('REVISION', '1929');
+if(!defined('REVISION')) define('REVISION', '1930');
 if(!defined('SP')) define('SP', '');
Index: branches/2.8.x/wb/framework/initialize.php
===================================================================
--- branches/2.8.x/wb/framework/initialize.php	(revision 1929)
+++ branches/2.8.x/wb/framework/initialize.php	(revision 1930)
@@ -341,5 +341,8 @@
 										 'WbOldStyle',
 										 (DEBUG ? Translate::CACHE_DISABLED|Translate::KEEP_MISSING : 0)
 										);
+	$oPass = Password::getInstance();
+	if(defined('PASSWORD_CRYPT_LOOPS')) { $oPass->setIteration(PASSWORD_CRYPT_LOOPS); }
+	if(defined('PASSWORD_HASH_TYPES'))  { $oPass->setIteration(PASSWORD_HASH_TYPES); }
 // *** END OF FILE ***********************************************************************
  
\ No newline at end of file
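Review bot: The third added line passes the hash-type constant to `setIteration()`, so the hash type is never configured and the iteration count set on the line before is overwritten. With a value such as `'false'`, the `min(max(...))` clamp in `Password::setIteration()` would most likely land on `CRYPT_LOOPS_MIN` (6), which the class comments describe as insecure. The line should read `if(defined('PASSWORD_HASH_TYPES')) { $oPass->setHashType(PASSWORD_HASH_TYPES); }`. The enclosing block starts outside the hunk.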
Index: branches/2.8.x/wb/framework/Password.php
===================================================================
--- branches/2.8.x/wb/framework/Password.php	(revision 1929)
+++ branches/2.8.x/wb/framework/Password.php	(revision 1930)
@@ -31,22 +31,19 @@
  *               ISTeam changes: added SHA-256, SHA-512 (2012/10/27 Werner v.d. Decken)
  */
 
-// backwardcompatibility for PHP 5.2.2 + WB2.8.x
 if(!class_exists('PasswordHash')) {
-	include(dirname(dirname(__FILE__)).'/include/phpass/PasswordHash.php'); 
+	include(dirname(dirname(__FILE__)).'/include/phpass/PasswordHash.php');
 }
 
-
 class Password extends PasswordHash
-//class Password extends vendors\phpass\PasswordHash
 {
 
-	const CRYPT_LOOPS_MIN     =  6;  // minimum numbers of loops is 2^6 (64) very, very quick
+	const CRYPT_LOOPS_MIN     =  6;  // minimum numbers of loops is 2^6 (64) very quick but unsecure
 	const CRYPT_LOOPS_MAX     = 31;  // maximum numbers of loops is 2^31 (2,147,483,648) extremely slow
 	const CRYPT_LOOPS_DEFAULT = 12;  // default numbers of loopf is 2^12 (4096) a good average
 
 	const HASH_TYPE_PORTABLE  = true;  // use MD5 only
-	const HASH_TYPE_AUTO      = false; // select highest available crypting methode
+	const HASH_TYPE_AUTO      = false; // select highest available crypting methode (default)
 
 	const PW_LENGTH_MIN       =   6;
 	const PW_LENGTH_MAX       = 100;
@@ -58,16 +55,64 @@
 	const PW_USE_SPECIAL      = 0x0008; // use special chars
 	const PW_USE_ALL          = 0xFFFF; // use all possibilities
 
+	/** holds the active singleton instance */
+	private static $_oInstance     = null;
+
+	protected $oHashMethods        = null;
+	protected $iIterationCountLog2 = self::CRYPT_LOOPS_DEFAULT;
+	protected $bPortableHashes     = self::HASH_TYPE_AUTO;
+
 /**
- * 
- * @param int number of iterations as exponent of 2 (must be between 4 and 31)
- * @param bool TRUE = use MD5 only | FALSE = automatic
+ * constructor
  */
-	public function __construct($iIterationCountLog2 = self::CRYPT_LOOPS_DEFAULT, $bPortableHashes = self::HASH_TYPE_AUTO)
+	protected function __construct()
 	{
-		parent::__construct($iIterationCountLog2, $bPortableHashes);
+		parent::__construct(self::CRYPT_LOOPS_DEFAULT, self::HASH_TYPE_AUTO);
 	}
 /**
+ * dissable cloning
+ */
+	private function __clone() {
+		;
+	}
+/**
+ * get current instance or create new one
+ * @return Password
+ */
+	public static function getInstance()
+	{
+		if( is_null(self::$_oInstance) ) {
+            $c = __CLASS__;
+            self::$_oInstance = new $c;
+			self::$_oInstance->setIteration(self::CRYPT_LOOPS_DEFAULT);
+			self::$_oInstance->setHashType(self::HASH_TYPE_AUTO);
+		}
+		return self::$oInstance;
+	}
+/**
+ * set the number of iterations
+ * @param int $iIterationCountLog2 number of iterations defined as the exponent to basic 2
+ */
+	public function setIteration($iIterationCountLog2 = self::CRYPT_LOOPS_DEFAULT)
+	{
+		$this->iteration_count_log2 = min(max($iIterationCountLog2, self::CRYPT_LOOPS_MIN), self::CRYPT_LOOPS_MAX);
+	}
+/**
+ * set type of hash generation
+ * @param bool $bPortableHashes
+ * @description HASH_TYPE_AUTO will choose the higest available algorithm to create a hash (default)<br />
+ *              Attention: it's possible that high level generated hashes from PHP>=5.3 are not validable under PHP<5.3!!<br />
+ *              HASH_TYPE_PORTABLE choose MD5 hashing with salt and n iterations
+ */
+	public function setHashType($bPortableHashes = self::HASH_TYPE_AUTO)
+	{
+		if(version_compare('5.3', PHP_VERSION, '<')) {
+			$this->portable_hashes = self::HASH_TYPE_PORTABLE;
+		}else {
+			$this->portable_hashes = (boolean)$bPortableHashes;
+		}
+	}
+/**
  * make hash from password
  * @param string password to hash
  * @return string generated hash. Null if failed.
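Review bot: `setHashType()` has its version test reversed: `version_compare('5.3', PHP_VERSION, '<')` is true when the running PHP is newer than 5.3, so there the argument is ignored and `portable_hashes` is forced to `HASH_TYPE_PORTABLE` (MD5 only), the opposite of what the docblock describes. The condition should be `version_compare(PHP_VERSION, '5.3', '<')`. Separately, `getInstance()` returns `self::$oInstance` while the declared property is `self::$_oInstance`, which is a fatal error on every call; the return should be `return self::$_oInstance;`. The new properties `$iIterationCountLog2`, `$bPortableHashes` and `$oHashMethods` are declared but not used in this hunk, since both setters write to the parent's `iteration_count_log2` and `portable_hashes`.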
@@ -97,6 +142,7 @@
  */
 	public static function isValid($sPassword)
 	{
+/** @todo extend blacklist with additional utf8 codes */
 		$sBlackList = '\"\'\,\;\<\>\?\\\{\|\}\~ '
 		            . '\x00-\x20\x22\x27\x2c\x3b\x3c\x3e\x3f\x5c\x7b-\x7f\xff';
 		$bRetval = !preg_match('/['.$sBlackList.']/si', $sPassword);
Index: branches/2.8.x/wb/install/save.php
===================================================================
--- branches/2.8.x/wb/install/save.php	(revision 1929)
+++ branches/2.8.x/wb/install/save.php	(revision 1930)
@@ -471,78 +471,92 @@
 
 	require(ADMIN_PATH.'/interface/version.php');
 
-	$settings_rows=	"INSERT INTO `".TABLE_PREFIX."settings` "
-	." (setting_id, name, value) VALUES "
-	." ( 1, 'wb_version', '".VERSION."'),"
-	." ( 2, 'website_title', '$website_title'),"
-	." ( 3, 'website_description', ''),"
-	." ( 4, 'website_keywords', ''),"
-	." ( 5, 'website_header', ''),"
-	." ( 6, 'website_footer', ''),"
-	." ( 7, 'wysiwyg_style', 'font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;'),"
-	." ( 8, 'rename_files_on_upload', 'ph.*?,cgi,pl,pm,exe,com,bat,pif,cmd,src,asp,aspx,js,txt'),"
-	." ( 9, 'er_level', '0'),"
-	." (10, 'default_language', '$default_language'),"
-	." (11, 'app_name', 'wb_$session_rand'),"
-	." (12, 'sec_anchor', 'Sec'),"
-	." (13, 'default_timezone', '$default_timezone'),"
-	." (14, 'default_date_format', 'Y-m-d'),"
-	." (15, 'default_time_format', 'h:i A'),"
-	." (16, 'redirect_timer', '1500'),"
-	." (17, 'home_folders', 'true'),"
-	." (18, 'warn_page_leave', '1'),"
-	." (19, 'default_template', 'round'),"
-	." (20, 'default_theme', 'wb_theme'),"
-	." (21, 'default_charset', 'utf-8'),"
-	." (22, 'multiple_menus', 'true'),"
-	." (23, 'page_level_limit', '6'),"
-	." (24, 'intro_page', 'false'),"
-	." (25, 'page_trash', 'inline'),"
-	." (26, 'homepage_redirection', 'false'),"
-	." (27, 'page_languages', 'true'),"
-	." (28, 'wysiwyg_editor', 'fckeditor'),"
-	." (29, 'manage_sections', 'true'),"
-	." (30, 'section_blocks', 'false'),"
-	." (31, 'smart_login', 'false'),"
-	." (32, 'frontend_login', 'false'),"
-	." (33, 'frontend_signup', 'false'),"
-	." (34, 'search', 'public'),"
-	." (35, 'page_extension', '.php'),"
-	." (36, 'page_spacer', '-'),"
-	." (37, 'pages_directory', '/pages'),"
-	." (38, 'rename_files_on_upload', 'ph.*?,cgi,pl,pm,exe,com,bat,pif,cmd,src,asp,aspx,js,txt'),"
-	." (39, 'media_directory', '/media'),"
-	." (40, 'operating_system', '$operating_system'),"
-	." (41, 'string_file_mode', '$file_mode'),"
-	." (42, 'string_dir_mode', '$dir_mode'),"
-	." (43, 'wbmailer_routine', 'phpmail'),"
-	." (44, 'server_email', '$admin_email'),"
-	." (45, 'wbmailer_default_sendername', 'WebsiteBaker Mailer'),"
-	." (46, 'wbmailer_smtp_host', ''),"
-	." (47, 'wbmailer_smtp_auth', ''),"
-	." (48, 'wbmailer_smtp_username', ''),"
-	." (49, 'wbmailer_smtp_password', ''),"
-	." (50, 'fingerprint_with_ip_octets', '2'),"
-	." (51, 'secure_form_module', ''),"
-	." (52, 'mediasettings', ''),"
-	." (53, 'wb_revision', '".REVISION."'),"
- 	." (54, 'wb_sp', '".SP."'),"
-	." (55, 'page_icon_dir', '/templates/*/title_images'),"
-	." (56, 'dev_infos', 'false'),"
-	." (57, 'groups_updated', '".time()."'),"
-	." (58, 'wbmail_signature', ''),"
-	." (59, 'confirmed_registration', '1'),"
-	." (60, 'page_extendet', 'true'),"
-	." (62, 'system_locked', '0')";
+	$sql = 'INSERT INTO `'.TABLE_PREFIX.'settings` (`name`, `value`) VALUES '
+	     . '(\'wb_version\', \''.VERSION.'\'), '
+	     . '(\'website_title\', \''.$website_title.'\'), '
+	     . '(\'website_description\', \'\'), '
+	     . '(\'website_keywords\', \'\'), '
+	     . '(\'website_header\', \'\'), '
+	     . '(\'website_footer\', \'\'), '
+	     . '(\'wysiwyg_style\', \'font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;\'), '
+	     . '(\'rename_files_on_upload\', \'ph.*?,cgi,pl,pm,exe,com,bat,pif,cmd,src,asp,aspx,js,txt\'), '
+	     . '(\'er_level\', \'0\'), '
+	     . '(\'default_language\', \''.$default_language.'\'), '
+	     . '(\'app_name\', \'wb_'.$session_rand.'\'), '
+	     . '(\'sec_anchor\', \'Sec\'), '
+	     . '(\'default_timezone\', \''.$default_timezone.'\'), '
+	     . '(\'default_date_format\', \'Y-m-d\'), '
+	     . '(\'default_time_format\', \'h:i A\'), '
+	     . '(\'redirect_timer\', \'1500\'), '
+	     . '(\'home_folders\', \'true\'), '
+	     . '(\'warn_page_leave\', \'1\'), '
+	     . '(\'default_template\', \'round\'), '
+	     . '(\'default_theme\', \'wb_theme\'), '
+	     . '(\'default_charset\', \'utf-8\'), '
+	     . '(\'multiple_menus\', \'true\'), '
+	     . '(\'page_level_limit\', \'6\'), '
+	     . '(\'intro_page\', \'false\'), '
+	     . '(\'page_trash\', \'inline\'), '
+	     . '(\'homepage_redirection\', \'false\'), '
+	     . '(\'page_languages\', \'true\'), '
+	     . '(\'wysiwyg_editor\', \'fckeditor\'), '
+	     . '(\'manage_sections\', \'true\'), '
+	     . '(\'section_blocks\', \'false\'), '
+	     . '(\'smart_login\', \'false\'), '
+	     . '(\'frontend_login\', \'false\'), '
+	     . '(\'frontend_signup\', \'false\'), '
+	     . '(\'search\', \'public\'), '
+	     . '(\'page_extension\', \'.php\'), '
+	     . '(\'page_spacer\', \'-\'), '
+	     . '(\'pages_directory\', \'/pages\'), '
+	     . '(\'rename_files_on_upload\', \'ph.*?,cgi,pl,pm,exe,com,bat,pif,cmd,src,asp,aspx,js,txt\'), '
+	     . '(\'media_directory\', \'/media\'), '
+	     . '(\'operating_system\', \''.$operating_system.'\'), '
+	     . '(\'string_file_mode\', \''.$file_mode.'\'), '
+	     . '(\'string_dir_mode\', \''.$dir_mode.'\'), '
+	     . '(\'wbmailer_routine\', \'phpmail\'), '
+	     . '(\'server_email\', \''.$admin_email.'\'), '
+	     . '(\'wbmailer_default_sendername\', \'WebsiteBaker Mailer\'), '
+	     . '(\'wbmailer_smtp_host\', \'\'), '
+	     . '(\'wbmailer_smtp_auth\', \'\'), '
+	     . '(\'wbmailer_smtp_username\', \'\'), '
+	     . '(\'wbmailer_smtp_password\', \'\'), '
+	     . '(\'fingerprint_with_ip_octets\', \'2\'), '
+	     . '(\'secure_form_module\', \'\'), '
+	     . '(\'mediasettings\', \'\'), '
+	     . '(\'wb_revision\', \''.REVISION.'\'), '
+ 	     . '(\'wb_sp\', \''.SP.'\'), '
+	     . '(\'page_icon_dir\', \'/templates/*/title_images\'), '
+	     . '(\'dev_infos\', \'false\'), '
+	     . '(\'groups_updated\', \''.time().'\'), '
+	     . '(\'wbmail_signature\', \'\'), '
+	     . '(\'confirmed_registration\', \'1\'), '
+	     . '(\'page_extendet\', \'true\'), '
+	     . '(\'system_locked\', \'0\'), '
+	     . '(\'password_crypt_loops\', \'12\'), '
+	     . '(\'password_hash_type\', \'false\'), '
+	     . '(\'password_length\', \'10\'), '
+		 . '(\'password_use_types\', \''.(int)0xFFFF.'\') '
+	     . '';
 	if(!$database->query($settings_rows)) { set_error($database->get_error()); }
 
 	// Admin group
-	$full_system_permissions  = 'access,addons,admintools,admintools_view,groups,groups_add,groups_delete,groups_modify,groups_view,';
-	$full_system_permissions .= 'languages,languages_install,languages_uninstall,languages_view,media,media_create,media_delete,media_rename,media_upload,media_view,';
-	$full_system_permissions .= 'modules,modules_advanced,modules_install,modules_uninstall,modules_view,pages,pages_add,pages_add_l0,pages_delete,pages_intro,pages_modify,pages_settings,pages_view,';
-	$full_system_permissions .= 'preferences,preferences_view,settings,settings_advanced,settings_basic,settings_view,templates,templates_install,templates_uninstall,templates_view,users,users_add,users_delete,users_modify,users_view';
-	$insert_admin_group = "INSERT INTO `".TABLE_PREFIX."groups` VALUES ('1', 'Administrators', '$full_system_permissions', '', '')";
-	if(!$database->query($insert_admin_group)) { set_error($database->get_error()); }
+	$full_system_permissions  = 'access,addons,admintools,admintools_view,groups,groups_add,groups_delete,'
+	                          . 'groups_modify,groups_view,languages,languages_install,languages_uninstall,'
+	                          . 'languages_view,media,media_create,media_delete,media_rename,media_upload,'
+	                          . 'media_view,modules,modules_advanced,modules_install,modules_uninstall,'
+	                          . 'modules_view,pages,pages_add,pages_add_l0,pages_delete,pages_intro,'
+	                          . 'pages_modify,pages_settings,pages_view,preferences,preferences_view,'
+	                          . 'settings,settings_advanced,settings_basic,settings_view,templates,'
+	                          . 'templates_install,templates_uninstall,templates_view,users,users_add,'
+	                          . 'users_delete,users_modify,users_view';
+	$sql = 'INSERT INTO `'.TABLE_PREFIX.'groups` '
+	     . 'SET `group_id` =1,'
+	     .     '`name`=\'Administrators\','
+		 .     '`system_permissions`=\''.$full_system_permissions.'\','
+		 .     '`module_permissions`=\'\','
+		 .     '`template_permissions`=\'\'';
+	if(!$database->query($sql)) { set_error($database->get_error()); }
 
 // Admin user
 	$insert_admin_user = "INSERT INTO `".TABLE_PREFIX."users` VALUES (1, 1, '1', 1, '$admin_username', '".md5($admin_password)."', '', 0, '', 0, 'Administrator', '$admin_email', $default_timezone, '', '', '$default_language', '', 0, '');";
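Review bot: The settings insert is now built in `$sql`, but the unchanged query line still runs `$database->query($settings_rows)`, a variable that no longer exists, so the settings table is not populated on a fresh install and the new password_* defaults are never written. That line should become `if(!$database->query($sql)) { set_error($database->get_error()); }`. The statement also concatenates `$website_title`, `$admin_email` and the other installer inputs straight into the SQL; their escaping is not visible in this hunk and should be confirmed. The admin user on the last line is still stored with `md5($admin_password)` even though the commit activates the Password class, so the first account keeps an unsalted MD5 hash unless that is changed elsewhere.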
