improved password generating method (salt + SHA-256)

inc/models/UsersModel.class.php

@@ -22,6 +22,7 @@ class UsersModel extends Model
 	
 	public function createNewUser($nick, $passwd, $email)
 	{
+		$passwd = $this->generatePasswordHash($nick, $passwd);
 		$this->db->query('call add_user(\''.$nick.'\', \''.$passwd.'\', \''.$email.'\');'); 
 	}
 	
@@ -59,8 +60,9 @@ class UsersModel extends Model
 		return $this->user_info;
 	}
 	
-	public function changeUserPassword($user_id, $passwd)
+	public function changeUserPassword($user_id, $nick, $passwd)
 	{
+		$passwd = $this->generatePasswordHash($nick, $passwd);
 		$query = 
 		'UPDATE .'.USERS_TABLE.'
 		SET `password`=\''.$passwd.'\'
@@ -128,5 +130,16 @@ class UsersModel extends Model
 		WHERE `user_id` = \''.$user_id.'\'';
 		$this->db->query($query);
 	}
+	
+	public function generatePasswordHash($nick, $password)
+	{
+		$modulo =  strlen($nick) % 8;
+		
+		$salt_begin = substr(RANDOM_STRING, $modulo*SALT_LENGTH, SALT_LENGTH-$modulo);
+		
+		$salt_end = substr(RANDOM_STRING, $modulo*SALT_LENGTH + SALT_LENGTH-$modulo, $modulo);
+		
+		return hash('haval256,5', $salt_begin.$password.$salt_end);
+	}
 }
 ?>