PHPXRef 0.7.1 : phpBB-3.1.12-deutsch : /phpbb/passwords/driver/salted

[Summary view] [Print] [Text view]
   1  <?php
   2  /**
   3  *
   4  * This file is part of the phpBB Forum Software package.
   5  *
   6  * @copyright (c) phpBB Limited <https://www.phpbb.com>
   7  * @license GNU General Public License, version 2 (GPL-2.0)
   8  *
   9  * For full copyright and license information, please see
  10  * the docs/CREDITS.txt file.
  11  *
  12  */
  13  
  14  namespace phpbb\passwords\driver;
  15  
  16  /**
  17  *
  18  * @version Version 0.1 / slightly modified for phpBB 3.1.x (using $H$ as hash type identifier)
  19  *
  20  * Portable PHP password hashing framework.
  21  *
  22  * Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in
  23  * the public domain.
  24  *
  25  * There's absolutely no warranty.
  26  *
  27  * The homepage URL for this framework is:
  28  *
  29  *    http://www.openwall.com/phpass/
  30  *
  31  * Please be sure to update the Version line if you edit this file in any way.
  32  * It is suggested that you leave the main version number intact, but indicate
  33  * your project name (after the slash) and add your own revision information.
  34  *
  35  * Please do not change the "private" password hashing method implemented in
  36  * here, thereby making your hashes incompatible.  However, if you must, please
  37  * change the hash type identifier (the "$P$") to something different.
  38  *
  39  * Obviously, since this code is in the public domain, the above are not
  40  * requirements (there can be none), but merely suggestions.
  41  *
  42  */
  43  
  44  class salted_md5 extends base
  45  {
  46      const PREFIX = '$H$';
  47  
  48      /**
  49      * {@inheritdoc}
  50      */
  51  	public function get_prefix()
  52      {
  53          return self::PREFIX;
  54      }
  55  
  56      /**
  57      * {@inheritdoc}
  58      */
  59  	public function is_legacy()
  60      {
  61          return true;
  62      }
  63  
  64      /**
  65      * {@inheritdoc}
  66      */
  67  	public function hash($password, $setting = '')
  68      {
  69          if ($setting)
  70          {
  71              if (($settings = $this->get_hash_settings($setting)) === false)
  72              {
  73                  // Return md5 of password if settings do not
  74                  // comply with our standards. This will only
  75                  // happen if pre-determined settings are
  76                  // directly passed to the driver. The manager
  77                  // will not do this. Same as the old hashing
  78                  // implementation in phpBB 3.0
  79                  return md5($password);
  80              }
  81          }
  82          else
  83          {
  84              $settings = $this->get_hash_settings($this->generate_salt());
  85          }
  86  
  87          $hash = md5($settings['salt'] . $password, true);
  88          do
  89          {
  90              $hash = md5($hash . $password, true);
  91          }
  92          while (--$settings['count']);
  93  
  94          $output = $settings['full'];
  95          $output .= $this->helper->hash_encode64($hash, 16);
  96  
  97          return $output;
  98      }
  99  
 100      /**
 101      * {@inheritdoc}
 102      */
 103  	public function check($password, $hash, $user_row = array())
 104      {
 105          if (strlen($hash) !== 34)
 106          {
 107              return md5($password) === $hash;
 108          }
 109  
 110          return $this->helper->string_compare($hash, $this->hash($password, $hash));
 111      }
 112  
 113      /**
 114      * Generate salt for hashing method
 115      *
 116      * @return string Salt for hashing method
 117      */
 118  	protected function generate_salt()
 119      {
 120          $count = 6;
 121  
 122          $random = $this->helper->get_random_salt($count);
 123  
 124          $salt = $this->get_prefix();
 125          $salt .= $this->helper->itoa64[min($count + 5, 30)];
 126          $salt .= $this->helper->hash_encode64($random, $count);
 127  
 128          return $salt;
 129      }
 130  
 131      /**
 132      * Get hash settings
 133      *
 134      * @param string $hash The hash that contains the settings
 135      *
 136      * @return bool|array Array containing the count_log2, salt, and full
 137      *        hash settings string or false if supplied hash is empty
 138      *        or contains incorrect settings
 139      */
 140  	public function get_hash_settings($hash)
 141      {
 142          if (empty($hash))
 143          {
 144              return false;
 145          }
 146  
 147          $count_log2 = strpos($this->helper->itoa64, $hash[3]);
 148          $salt = substr($hash, 4, 8);
 149  
 150          if ($count_log2 < 7 || $count_log2 > 30 || strlen($salt) != 8)
 151          {
 152              return false;
 153          }
 154  
 155          return array(
 156              'count'    => 1 << $count_log2,
 157              'salt'    => $salt,
 158              'full'    => substr($hash, 0, 12),
 159          );
 160      }
 161  
 162      /**
 163      * {@inheritdoc}
 164      */
 165  	public function get_settings_only($hash, $full = false)
 166      {
 167          return substr($hash, 3, 9);
 168      }
 169  }
PHP Cross Reference of phpBB-3.1.12-deutsch

/phpbb/passwords/driver/ -> salted_md5.php (source)
