+ # Make sure we can use bcrypt authentication in the future with this password.
+ # Also remove old-style SHA1 password when we migrate.
+ if (!$bcrypt_matches) {
+ my $salt = get_pseudorandom_bytes(16); # Doesn't need to be cryptographically secur.
+ my $hash = "\$2a\$07\$" . Crypt::Eksblowfish::Bcrypt::en_base64($salt);
+ my $cryptpassword = Crypt::Eksblowfish::Bcrypt::bcrypt($pass, $hash);
+ $dbh->do('UPDATE users SET sha1password=NULL,cryptpassword=? WHERE username=? AND vhost=?',
+ undef, $cryptpassword, $user, $r->get_server_name)
+ or die "Couldn't update: " . $dbh->errstr;
+ $r->log->info("Updated bcrypt hash for $user");
+ }
+