Code Coverage |
||||||||||
Classes and Traits |
Functions and Methods |
Lines |
||||||||
Total | |
100.00% |
1 / 1 |
|
100.00% |
7 / 7 |
CRAP | |
100.00% |
37 / 37 |
salted_md5 | |
100.00% |
1 / 1 |
|
100.00% |
7 / 7 |
15 | |
100.00% |
37 / 37 |
get_prefix | |
100.00% |
1 / 1 |
1 | |
100.00% |
1 / 1 |
|||
is_legacy | |
100.00% |
1 / 1 |
1 | |
100.00% |
1 / 1 |
|||
hash | |
100.00% |
1 / 1 |
4 | |
100.00% |
12 / 12 |
|||
check | |
100.00% |
1 / 1 |
2 | |
100.00% |
4 / 4 |
|||
generate_salt | |
100.00% |
1 / 1 |
1 | |
100.00% |
6 / 6 |
|||
get_hash_settings | |
100.00% |
1 / 1 |
5 | |
100.00% |
12 / 12 |
|||
get_settings_only | |
100.00% |
1 / 1 |
1 | |
100.00% |
1 / 1 |
<?php | |
/** | |
* | |
* This file is part of the phpBB Forum Software package. | |
* | |
* @copyright (c) phpBB Limited <https://www.phpbb.com> | |
* @license GNU General Public License, version 2 (GPL-2.0) | |
* | |
* For full copyright and license information, please see | |
* the docs/CREDITS.txt file. | |
* | |
*/ | |
namespace phpbb\passwords\driver; | |
/** | |
* | |
* @version Version 0.1 / slightly modified for phpBB 3.1.x (using $H$ as hash type identifier) | |
* | |
* Portable PHP password hashing framework. | |
* | |
* Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in | |
* the public domain. | |
* | |
* There's absolutely no warranty. | |
* | |
* The homepage URL for this framework is: | |
* | |
* http://www.openwall.com/phpass/ | |
* | |
* Please be sure to update the Version line if you edit this file in any way. | |
* It is suggested that you leave the main version number intact, but indicate | |
* your project name (after the slash) and add your own revision information. | |
* | |
* Please do not change the "private" password hashing method implemented in | |
* here, thereby making your hashes incompatible. However, if you must, please | |
* change the hash type identifier (the "$P$") to something different. | |
* | |
* Obviously, since this code is in the public domain, the above are not | |
* requirements (there can be none), but merely suggestions. | |
* | |
*/ | |
class salted_md5 extends base | |
{ | |
const PREFIX = '$H$'; | |
/** | |
* {@inheritdoc} | |
*/ | |
public function get_prefix() | |
{ | |
return self::PREFIX; | |
} | |
/** | |
* {@inheritdoc} | |
*/ | |
public function is_legacy() | |
{ | |
return true; | |
} | |
/** | |
* {@inheritdoc} | |
*/ | |
public function hash($password, $setting = '') | |
{ | |
if ($setting) | |
{ | |
if (($settings = $this->get_hash_settings($setting)) === false) | |
{ | |
// Return md5 of password if settings do not | |
// comply with our standards. This will only | |
// happen if pre-determined settings are | |
// directly passed to the driver. The manager | |
// will not do this. Same as the old hashing | |
// implementation in phpBB 3.0 | |
return md5($password); | |
} | |
} | |
else | |
{ | |
$settings = $this->get_hash_settings($this->generate_salt()); | |
} | |
$hash = md5($settings['salt'] . $password, true); | |
do | |
{ | |
$hash = md5($hash . $password, true); | |
} | |
while (--$settings['count']); | |
$output = $settings['full']; | |
$output .= $this->helper->hash_encode64($hash, 16); | |
return $output; | |
} | |
/** | |
* {@inheritdoc} | |
*/ | |
public function check($password, $hash, $user_row = array()) | |
{ | |
if (strlen($hash) !== 34) | |
{ | |
return md5($password) === $hash; | |
} | |
return $this->helper->string_compare($hash, $this->hash($password, $hash)); | |
} | |
/** | |
* Generate salt for hashing method | |
* | |
* @return string Salt for hashing method | |
*/ | |
protected function generate_salt() | |
{ | |
$count = 6; | |
$random = $this->helper->get_random_salt($count); | |
$salt = $this->get_prefix(); | |
$salt .= $this->helper->itoa64[min($count + 5, 30)]; | |
$salt .= $this->helper->hash_encode64($random, $count); | |
return $salt; | |
} | |
/** | |
* Get hash settings | |
* | |
* @param string $hash The hash that contains the settings | |
* | |
* @return bool|array Array containing the count_log2, salt, and full | |
* hash settings string or false if supplied hash is empty | |
* or contains incorrect settings | |
*/ | |
public function get_hash_settings($hash) | |
{ | |
if (empty($hash)) | |
{ | |
return false; | |
} | |
$count_log2 = strpos($this->helper->itoa64, $hash[3]); | |
$salt = substr($hash, 4, 8); | |
if ($count_log2 < 7 || $count_log2 > 30 || strlen($salt) != 8) | |
{ | |
return false; | |
} | |
return array( | |
'count' => 1 << $count_log2, | |
'salt' => $salt, | |
'full' => substr($hash, 0, 12), | |
); | |
} | |
/** | |
* {@inheritdoc} | |
*/ | |
public function get_settings_only($hash, $full = false) | |
{ | |
return substr($hash, 3, 9); | |
} | |
} |