diff -rup pure-ftpd-1.0.36/src/crypto.c pure-ftpd-1.0.36-phpass/src/crypto.c
--- pure-ftpd-1.0.36/src/crypto.c       2011-04-17 08:05:54.000000000 -0700
+++ pure-ftpd-1.0.36-phpass/src/crypto.c        2012-04-20 02:07:08.288870553 -0700
@@ -47,6 +47,78 @@ static char *hexify(char * const result,
     return result;
 }
 
+/**
+ * characters used for Base64 encoding
+ */
+const char *BASE64_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+/**
+ * encode three bytes using base64 (RFC 3548)
+ *
+ * @param triple three bytes that should be encoded
+ * @param result buffer of four characters where the result is stored
+ */
+void _base64_encode_triple(unsigned char triple[3], char result[4])
+{
+       int tripleValue, i;
+
+       tripleValue = triple[0];
+       tripleValue *= 256;
+       tripleValue += triple[1];
+       tripleValue *= 256;
+       tripleValue += triple[2];
+
+       for (i=0; i<4; i++)
+       {
+               result[3-i] = BASE64_CHARS[tripleValue%64];
+               tripleValue /= 64;
+       }
+}
+
+/**
+ * encode an array of bytes using Base64 (RFC 3548)
+ *
+ * @param source the source buffer
+ * @param sourcelen the length of the source buffer
+ * @param target the target buffer
+ * @param targetlen the length of the target buffer
+ * @return 1 on success, 0 otherwise
+ */
+int base64_encode(unsigned char *source, size_t sourcelen, char *target, size_t targetlen)
+{
+       /* check if the result will fit in the target buffer */
+       if ((sourcelen+2)/3*4 > targetlen-1)
+               return 0;
+
+       /* encode all full triples */
+       while (sourcelen >= 3)
+       {
+               _base64_encode_triple(source, target);
+               sourcelen -= 3;
+               source += 3;
+               target += 4;
+       }
+
+       /* encode the last one or two characters */
+       if (sourcelen > 0)
+       {
+               unsigned char temp[3];
+               memset(temp, 0, sizeof(temp));
+               memcpy(temp, source, sourcelen);
+               _base64_encode_triple(temp, target);
+               target[3] = '=';
+               if (sourcelen == 1)
+                       target[2] = '=';
+
+               target += 4;
+       }
+
+       /* terminate the string */
+       target[0] = 0;
+
+       return 1;
+}
+
 /* Encode a buffer to Base64 */
 
 static char *base64ify(char * const result, const unsigned char *digest,
@@ -167,7 +239,6 @@ char *crypto_hash_sha1(const char *strin
     return hexify(result, digest, sizeof result, sizeof digest);
 }
 
-
 /* Compute a simple hex MD5 digest of a C-string */
 
 char *crypto_hash_md5(const char *string, const int hex)
Only in pure-ftpd-1.0.36-phpass/src: .deps
diff -rup pure-ftpd-1.0.36/src/log_mysql.c pure-ftpd-1.0.36-phpass/src/log_mysql.c
--- pure-ftpd-1.0.36/src/log_mysql.c    2012-03-15 18:01:37.000000000 -0700
+++ pure-ftpd-1.0.36-phpass/src/log_mysql.c     2012-04-20 02:25:53.020895435 -0700
@@ -324,7 +324,7 @@ void pw_mysql_check(AuthResult * const r
     char *escaped_decimal_ip = NULL;    
     int committed = 1;
     int crypto_crypt = 0, crypto_mysql = 0, crypto_md5 = 0, crypto_sha1 = 0,
-        crypto_plain = 0;
+        crypto_plain = 0, crypto_phpass = 0;
     unsigned long decimal_ip_num = 0UL;
     char decimal_ip[42];
     char hbuf[NI_MAXHOST];
@@ -419,6 +419,7 @@ void pw_mysql_check(AuthResult * const r
         crypto_mysql++;
         crypto_md5++;
         crypto_sha1++;
+        crypto_phpass++;
     } else if (strcasecmp(crypto, PASSWD_SQL_CRYPT) == 0) {
         crypto_crypt++;
     } else if (strcasecmp(crypto, PASSWD_SQL_MYSQL) == 0) {
@@ -427,6 +428,8 @@ void pw_mysql_check(AuthResult * const r
         crypto_md5++;
     } else if (strcasecmp(crypto, PASSWD_SQL_SHA1) == 0) {
         crypto_sha1++;
+    } else if (strcasecmp(crypto, PASSWD_SQL_PHPASS) == 0) {
+       crypto_phpass++;
     } else {                           /* default to plaintext */
         crypto_plain++;
     }
@@ -484,6 +487,25 @@ void pw_mysql_check(AuthResult * const r
             goto auth_ok;
         }
     }
+    if (crypto_phpass != 0) {
+       char str_clear_base64[512];
+       char str_hashe_base64[512];
+
+       base64_encode(password, strlen(password), str_clear_base64, 512 );
+       base64_encode(spwd, strlen(spwd), str_hashe_base64, 512);
+
+       char cmd[512];
+       sprintf(cmd, "phpass-wrapper.php \"%s\" \"%s\"", str_clear_base64, str_hashe_base64);
+
+       int r = system (cmd);
+
+       if (r == 256)
+               goto bye;
+       else if (r == 512)
+               goto auth_ok;
+       else
+               goto bye;
+    }
     if (crypto_plain != 0) {
         if (*password != 0 &&    /* refuse null cleartext passwords */
             strcmp(password, spwd) == 0) {
diff -rup pure-ftpd-1.0.36/src/log_mysql.h pure-ftpd-1.0.36-phpass/src/log_mysql.h
--- pure-ftpd-1.0.36/src/log_mysql.h    2011-05-01 18:22:54.000000000 -0700
+++ pure-ftpd-1.0.36-phpass/src/log_mysql.h     2012-04-20 01:59:00.248859759 -0700
@@ -6,6 +6,7 @@
 #define PASSWD_SQL_MYSQL "password"
 #define PASSWD_SQL_MD5 "md5"
 #define PASSWD_SQL_SHA1 "sha1"
+#define PASSWD_SQL_PHPASS "phpass"
 #define PASSWD_SQL_ANY "any"
 #define MYSQL_DEFAULT_SERVER "localhost"
 #define MYSQL_DEFAULT_PORT 3306