Code Coverage |
||||||||||
Classes and Traits |
Functions and Methods |
Lines |
||||||||
Total | |
0.00% |
0 / 1 |
|
80.00% |
4 / 5 |
CRAP | |
92.19% |
59 / 64 |
helper | |
0.00% |
0 / 1 |
|
80.00% |
4 / 5 |
21.21 | |
92.19% |
59 / 64 |
__construct | |
100.00% |
1 / 1 |
1 | |
100.00% |
2 / 2 |
|||
hash_encode64 | |
100.00% |
1 / 1 |
6 | |
100.00% |
23 / 23 |
|||
unique_id | |
100.00% |
1 / 1 |
3 | |
100.00% |
11 / 11 |
|||
get_random_salt | |
100.00% |
1 / 1 |
4 | |
100.00% |
17 / 17 |
|||
string_compare | |
0.00% |
0 / 1 |
11.60 | |
54.55% |
6 / 11 |
<?php | |
/** | |
* | |
* This file is part of the phpBB Forum Software package. | |
* | |
* @copyright (c) phpBB Limited <https://www.phpbb.com> | |
* @license GNU General Public License, version 2 (GPL-2.0) | |
* | |
* For full copyright and license information, please see | |
* the docs/CREDITS.txt file. | |
* | |
*/ | |
namespace phpbb\passwords\driver; | |
class helper | |
{ | |
/** | |
* @var \phpbb\config\config | |
*/ | |
protected $config; | |
/** | |
* base64 alphabet | |
* @var string | |
*/ | |
public $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; | |
/** | |
* Construct a driver helper object | |
* | |
* @param \phpbb\config\config $config phpBB configuration | |
*/ | |
public function __construct(\phpbb\config\config $config) | |
{ | |
$this->config = $config; | |
} | |
/** | |
* Base64 encode hash | |
* | |
* @param string $input Input string | |
* @param int $count Input string length | |
* | |
* @return string base64 encoded string | |
*/ | |
public function hash_encode64($input, $count) | |
{ | |
$output = ''; | |
$i = 0; | |
do | |
{ | |
$value = ord($input[$i++]); | |
$output .= $this->itoa64[$value & 0x3f]; | |
if ($i < $count) | |
{ | |
$value |= ord($input[$i]) << 8; | |
} | |
$output .= $this->itoa64[($value >> 6) & 0x3f]; | |
if ($i++ >= $count) | |
{ | |
break; | |
} | |
if ($i < $count) | |
{ | |
$value |= ord($input[$i]) << 16; | |
} | |
$output .= $this->itoa64[($value >> 12) & 0x3f]; | |
if ($i++ >= $count) | |
{ | |
break; | |
} | |
$output .= $this->itoa64[($value >> 18) & 0x3f]; | |
} | |
while ($i < $count); | |
return $output; | |
} | |
/** | |
* Return unique id | |
* | |
* @param string $extra Additional entropy | |
* | |
* @return string Unique id | |
*/ | |
public function unique_id($extra = 'c') | |
{ | |
static $dss_seeded = false; | |
$val = $this->config['rand_seed'] . microtime(); | |
$val = md5($val); | |
$this->config['rand_seed'] = md5($this->config['rand_seed'] . $val . $extra); | |
if ($dss_seeded !== true && ($this->config['rand_seed_last_update'] < time() - rand(1,10))) | |
{ | |
$this->config->set('rand_seed_last_update', time(), true); | |
$this->config->set('rand_seed', $this->config['rand_seed'], true); | |
$dss_seeded = true; | |
} | |
return substr($val, 4, 16); | |
} | |
/** | |
* Get random salt with specified length | |
* | |
* @param int $length Salt length | |
* @param string $rand_seed Seed for random data (optional). For tests. | |
* | |
* @return string Random salt with specified length | |
*/ | |
public function get_random_salt($length, $rand_seed = '/dev/urandom') | |
{ | |
$random = ''; | |
if (($fh = @fopen($rand_seed, 'rb'))) | |
{ | |
$random = fread($fh, $length); | |
fclose($fh); | |
} | |
if (strlen($random) < $length) | |
{ | |
$random = ''; | |
$random_state = $this->unique_id(); | |
for ($i = 0; $i < $length; $i += 16) | |
{ | |
$random_state = md5($this->unique_id() . $random_state); | |
$random .= pack('H*', md5($random_state)); | |
} | |
$random = substr($random, 0, $length); | |
} | |
return $random; | |
} | |
/** | |
* Compare two strings byte by byte | |
* | |
* @param string $string_a The first string | |
* @param string $string_b The second string | |
* | |
* @return bool True if strings are the same, false if not | |
*/ | |
public function string_compare($string_a, $string_b) | |
{ | |
// Return if input variables are not strings or if length does not match | |
if (!is_string($string_a) || !is_string($string_b) || strlen($string_a) != strlen($string_b)) | |
{ | |
return false; | |
} | |
// Use hash_equals() if it's available | |
if (function_exists('hash_equals')) | |
{ | |
return hash_equals($string_a, $string_b); | |
} | |
$difference = 0; | |
for ($i = 0; $i < strlen($string_a) && $i < strlen($string_b); $i++) | |
{ | |
$difference |= ord($string_a[$i]) ^ ord($string_b[$i]); | |
} | |
return $difference === 0; | |
} | |
} |