Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
100.00% covered (success)
100.00%
33 / 33
100.00% covered (success)
100.00%
7 / 7
CRAP
100.00% covered (success)
100.00%
1 / 1
salted_md5
100.00% covered (success)
100.00%
33 / 33
100.00% covered (success)
100.00%
7 / 7
14
100.00% covered (success)
100.00%
1 / 1
 get_prefix
100.00% covered (success)
100.00%
1 / 1
100.00% covered (success)
100.00%
1 / 1
1
 is_legacy
100.00% covered (success)
100.00%
1 / 1
100.00% covered (success)
100.00%
1 / 1
1
 hash
100.00% covered (success)
100.00%
10 / 10
100.00% covered (success)
100.00%
1 / 1
3
 check
100.00% covered (success)
100.00%
3 / 3
100.00% covered (success)
100.00%
1 / 1
2
 generate_salt
100.00% covered (success)
100.00%
6 / 6
100.00% covered (success)
100.00%
1 / 1
1
 get_hash_settings
100.00% covered (success)
100.00%
11 / 11
100.00% covered (success)
100.00%
1 / 1
5
 get_settings_only
100.00% covered (success)
100.00%
1 / 1
100.00% covered (success)
100.00%
1 / 1
1
1<?php
2/**
3*
4* This file is part of the phpBB Forum Software package.
5*
6* @copyright (c) phpBB Limited <https://www.phpbb.com>
7* @license GNU General Public License, version 2 (GPL-2.0)
8*
9* For full copyright and license information, please see
10* the docs/CREDITS.txt file.
11*
12*/
13
14namespace phpbb\passwords\driver;
15
16/**
17*
18* @version Version 0.1 / slightly modified for phpBB 3.1.x (using $H$ as hash type identifier)
19*
20* Portable PHP password hashing framework.
21*
22* Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in
23* the public domain.
24*
25* There's absolutely no warranty.
26*
27* The homepage URL for this framework is:
28*
29*    http://www.openwall.com/phpass/
30*
31* Please be sure to update the Version line if you edit this file in any way.
32* It is suggested that you leave the main version number intact, but indicate
33* your project name (after the slash) and add your own revision information.
34*
35* Please do not change the "private" password hashing method implemented in
36* here, thereby making your hashes incompatible.  However, if you must, please
37* change the hash type identifier (the "$P$") to something different.
38*
39* Obviously, since this code is in the public domain, the above are not
40* requirements (there can be none), but merely suggestions.
41*
42*/
43
44class salted_md5 extends base
45{
46    const PREFIX = '$H$';
47
48    /**
49    * {@inheritdoc}
50    */
51    public function get_prefix()
52    {
53        return self::PREFIX;
54    }
55
56    /**
57    * {@inheritdoc}
58    */
59    public function is_legacy()
60    {
61        return true;
62    }
63
64    /**
65    * {@inheritdoc}
66    */
67    public function hash($password, $setting = '')
68    {
69        if ($setting)
70        {
71            if (($settings = $this->get_hash_settings($setting)) === false)
72            {
73                // Return md5 of password if settings do not
74                // comply with our standards. This will only
75                // happen if pre-determined settings are
76                // directly passed to the driver. The manager
77                // will not do this. Same as the old hashing
78                // implementation in phpBB 3.0
79                return md5($password);
80            }
81        }
82        else
83        {
84            $settings = $this->get_hash_settings($this->generate_salt());
85        }
86
87        $hash = md5($settings['salt'] . $password, true);
88        do
89        {
90            $hash = md5($hash . $password, true);
91        }
92        while (--$settings['count']);
93
94        $output = $settings['full'];
95        $output .= $this->helper->hash_encode64($hash, 16);
96
97        return $output;
98    }
99
100    /**
101    * {@inheritdoc}
102    */
103    public function check($password, $hash, $user_row = array())
104    {
105        if (strlen($hash) !== 34)
106        {
107            return md5($password) === $hash;
108        }
109
110        return $this->helper->string_compare($hash, $this->hash($password, $hash));
111    }
112
113    /**
114    * Generate salt for hashing method
115    *
116    * @return string Salt for hashing method
117    */
118    protected function generate_salt()
119    {
120        $count = 6;
121
122        $random = $this->helper->get_random_salt($count);
123
124        $salt = $this->get_prefix();
125        $salt .= $this->helper->itoa64[min($count + 5, 30)];
126        $salt .= $this->helper->hash_encode64($random, $count);
127
128        return $salt;
129    }
130
131    /**
132    * Get hash settings
133    *
134    * @param string $hash The hash that contains the settings
135    *
136    * @return bool|array Array containing the count_log2, salt, and full
137    *        hash settings string or false if supplied hash is empty
138    *        or contains incorrect settings
139    */
140    public function get_hash_settings($hash)
141    {
142        if (empty($hash))
143        {
144            return false;
145        }
146
147        $count_log2 = strpos($this->helper->itoa64, $hash[3]);
148        $salt = substr($hash, 4, 8);
149
150        if ($count_log2 < 7 || $count_log2 > 30 || strlen($salt) != 8)
151        {
152            return false;
153        }
154
155        return array(
156            'count'    => 1 << $count_log2,
157            'salt'    => $salt,
158            'full'    => substr($hash, 0, 12),
159        );
160    }
161
162    /**
163    * {@inheritdoc}
164    */
165    public function get_settings_only($hash, $full = false)
166    {
167        return substr($hash, 3, 9);
168    }
169}