
Revision 1512

Added by darkviper about 13 years ago

settings for pwgen updated


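--- a/branches/2.8.x/CHANGELOG
+++ b/branches/2.8.x/CHANGELOG
@@ -12,6 +12,8 @@
 
 =============================== FEATURES FREEZE ================================
 ----------------------------------- Fixes 2.8.2 --------------------------------
+24 Sep-2011 Build 1512 Werner v.d.Decken(DarkViper)
+! settings for pwgen updated
 14 Sep-2011 Build 1511 Dietmar Woellbrink (Luisehahne)
 # fixed strict notice warning in class.wb
 ! change editor for intropage to editarea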
branches/2.8.x/wb/admin/interface/version.php
52 52

  
53 53
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
54 54
if(!defined('VERSION')) define('VERSION', '2.8.2');
55
if(!defined('REVISION')) define('REVISION', '1511');
55
if(!defined('REVISION')) define('REVISION', '1512');
branches/2.8.x/wb/framework/PasswordHash.php
12 12
 *
13 13
 * this class works with salted md5-hashes with several rounds. 
14 14
 * For backward compatibility it can compare normal md5-hashes also.
15
 * Minimum requirements: PHP 5.2.2 or higher
15 16
 *
16 17
 * *****************************************************************************
17 18
 * This class is based on the Portable PHP password hashing framework.
......
23 24
 */
24 25
class PasswordHash {
25 26

  
27
	const SECURITY_WEAK      = 6;
28
	const SECURITY_MEDIUM    = 8;
29
	const SECURITY_NORMAL    = 10;
30
	const SECURITY_STRONG    = 12;
31
	const SECURITY_STRONGER  = 16;
26 32

  
27 33
	private $_itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
28 34
	private $_iterationCountLog2 = 8;
......
91 97
	private function _GenSaltPrivate($input)
92 98
	{
93 99
		$output = '$P$';
94
		$output .= $this->_itoa64[min($this->_iterationCountLog2 +
95
		                          ((PHP_VERSION >= '5') ? 5 : 3), 30)];
100
		$output .= $this->_itoa64[min($this->_iterationCountLog2 + 5, 30)];
96 101
		$output .= $this->_Encode64($input, 6);
97 102
		return $output;
98 103
	}
......
123 128
		# in PHP would result in much worse performance and
124 129
		# consequently in lower iteration counts and hashes that are
125 130
		# quicker to crack (by non-PHP code).
126
		if (PHP_VERSION >= '5') {
127
			$hash = md5($salt . $password, TRUE);
128
			do {
129
				$hash = md5($hash . $password, TRUE);
130
			} while (--$count);
131
		} else {
132
			$hash = pack('H*', md5($salt . $password));
133
			do {
134
				$hash = pack('H*', md5($hash . $password));
135
			} while (--$count);
136
		}
131
		$hash = md5($salt . $password, TRUE);
132
		do {
133
			$hash = md5($hash . $password, TRUE);
134
		} while (--$count);
137 135
		$output = substr($setting, 0, 12);
138 136
		$output .= $this->_Encode64($hash, 16);
139 137
		return $output;
......
144 142
	 * @param string $password password as original string
145 143
	 * @return string generated hash | '*' on error
146 144
	 */
147
	public function HashPassword($password)
145
	public function HashPassword($password, $md5 = false)
148 146
	{
147
		if ($md5) { return(md5($password)); }
149 148
		$random = '';
150 149
		if (strlen($random) < 6) {
151 150
			$random = $this->_getRandomBytes(6);
......
185 184
	 * @param int $length length of the generated password. default = 8
186 185
	 * @return string
187 186
	 */
188
	public static function NewPassword($length = 8)
187
	public static function NewPassword($length = self::SECURITY_MEDIUM)
189 188
	{
190 189
		$chars = array(
191 190
			array('b','c','d','f','g','h','j','k','l','m','n','p','r','s','t','v','w','x','y','z'),
192 191
			array('a','e','i','o','u'),
193 192
			array('!','-','@','_',':','.','+','%','/','*')
194 193
		);
194
		if($length < self::SECURITY_WEAK) { $length = self::SECURITY_WEAK; }
195 195
		$length = ceil($length / 2);
196 196
		$Password = array();
197 197
	// at first fill array alternating with vowels and consonants
......
200 200
			$Password[] = $char == 'l' ? 'L' : $char;
201 201
			$Password[] = $chars[1][rand(1000, 10000) % sizeof($chars[1])];
202 202
		}
203
	// transform 2 random chars into uppercase
204
		for($x = 0; $x < 2; $x++) {
205
			$pos = rand(1000, 10000) % sizeof($Password);
203
	// transform some random chars into uppercase
204
		$pos = ((rand(1000, 10000) % 3) + 1);
205
		while($pos < sizeof($Password)) {
206 206
			$Password[$pos] = ($Password[$pos] == 'i' || $Password[$pos] == 'o')
207 207
			                  ? $Password[$pos] : strtoupper($Password[$pos]);
208
			$pos += ((rand(1000, 10000) % 3) + 1);
208 209
		}
209
	// randomly insert one special char, but not at position 0 or as last char
210
		$pos = (rand(1000, 10000) % (sizeof($Password)-2))+1;
211
		$Password[$pos] = $chars[2][rand(1000, 10000) % sizeof($chars[2])];
212
	// randomly insert a numeric char, between 1 and 9
213
		$pos = rand(1000, 10000) % sizeof($Password);
214
		$Password[$pos] = (rand(1000, 10000) % 9) + 1;
210
	// insert some numeric chars, between 1 and 9
211
		$specialChars = array();
212
		$specialCharsCount = floor(sizeof($Password) / 4);
213
		while(sizeof($specialChars) < $specialCharsCount) {
214
			$key = (rand(1000, 10000) % sizeof($Password));
215
			if(!isset($specialChars[$key])) {
216
				$specialChars[$key] = (rand(1000, 10000) % 9) + 1;
217
			}
218
		}
219
	// insert some punctuation chars, but not leading or trailing
220
		$specialCharsCount += floor((sizeof($Password)-1) / 6);
221
		while(sizeof($specialChars) < $specialCharsCount) {
222
			$key = (rand(1000, 10000) % (sizeof($Password)-2))+1;
223
			if(!isset($specialChars[$key])) {
224
				$specialChars[$key] = $chars[2][(rand(1000, 10000) % sizeof($chars[2]))];
225
			}
226
		}
227
		foreach($specialChars as $key=>$val) {
228
			$Password[$key] = $val;
229
		}
215 230

  
216 231
		return implode($Password);
217 232
	}
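Review bot: The rewritten part of NewPassword() (new lines 203–229) still picks every position and character with `rand(1000, 10000) % n`, which is not a cryptographically secure source, so the generated passwords are only as unpredictable as PHP's `rand()` state. Indices for a credential generator should come from a CSPRNG: `random_int(0, sizeof($Password) - 1)` where PHP 7 or later is available, or on the stated PHP 5.2.2 baseline a static helper built on the same source as `_getRandomBytes()` (called at new line 150; its body is outside this view, so what it reads needs confirming). Separately, the new `$md5` argument makes HashPassword() return a bare unsalted `md5($password)` while the docblock above it gains no `@param`; I would add `@param bool $md5 true returns plain unsalted md5 (legacy comparison only, not for stored passwords)`. HashPassword()'s body continues outside the hunk, and part of NewPassword()'s first loop is elided.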
branches/2.8.x/wb/pwgen.php
1
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
1 2
<?php
2 3
/**
3 4
 * @category     Core
......
10 11
 * @since        Datei vorhanden seit Release 2.8.2
11 12
 * @lastmodified $Date:$
12 13
 *
13
 * this class works with salted md5-hashes with several rounds. 
14
 * For backward compatibility it can compare normal md5-hashes also.
14
 * This generator is based on the class PasswordHash (c)2011 ISTeasy
15
 * It generates very strong Passwords and calculates several hashes also.
15 16
 *
16 17
 */
17
 $path2class = './framework/PasswordHash.php';
18

  
19
	$minLoops = 8;
20
	$maxLoops = 16;
21
	$path2class = './framework/PasswordHash.php';
22
	include $path2class;
18 23
	$newpass = '';
19 24
	$pass    = '';
20 25
	$hash    = '';
21

  
22
	include $path2class;
26
// ** sanitize arguments
27
// length of password
28
	if(!isset($_POST['length']) ) { $_POST['length'] = PasswordHash::SECURITY_NORMAL; }
29
	$length = intval($_POST['length']);
30
// crypt type of hash
31
	if(!isset($_POST['crypt']) ) { $_POST['crypt'] = 2; }
32
	$crypt = intval($_POST['crypt']);
33
	if($crypt < 0 || $crypt > 2) { $crypt = 2; }
34
// number of encryption loops
35
	if(!isset($_POST['loops']) ) { $_POST['loops'] = 0; }
36
	$loops = intval($_POST['loops']);
37
	if($loops < $minLoops || $loops > $maxLoops) { $loops =  $minLoops + floor(($maxLoops - $minLoops) / 2); }
38
// requested action
23 39
	if(!isset($_POST['action']) ) { $_POST['action'] = 'pass'; }
40
// select actions
24 41
	if($_POST['action'] == 'hash') {
25 42
		if(isset($_POST['pass']) && trim($_POST['pass']) != '') {
26 43
			$pass = trim($_POST['pass']);
27 44
			$newpass = $pass;
28
			$ph = new PasswordHash(12);
29
			$hash = $ph->HashPassword($pass);
45
			$ph = new PasswordHash($loops, ($crypt == 1));
46
			$hash = $ph->HashPassword($pass, ($crypt == 0) );
30 47
		}
31 48
	}else {
32
		if(!isset($_POST['length']) ) { $_POST['length'] = 8; }
33
		$length = intval($_POST['length']);
34 49
		$newpass = PasswordHash::NewPassword($length);
35 50
		$pass = $newpass;
36 51
	}
52
// preselect length of password
53
	$checkQuality0 = $length == PasswordHash::SECURITY_WEAK ? ' checked="checked"' : '';
54
	$checkQuality1 = $length == PasswordHash::SECURITY_MEDIUM ? ' checked="checked"' : '';
55
	$checkQuality2 = $length == PasswordHash::SECURITY_NORMAL ? ' checked="checked"' : '';
56
	$checkQuality3 = $length == PasswordHash::SECURITY_STRONG ? ' checked="checked"' : '';
57
	$checkQuality4 = $length == PasswordHash::SECURITY_STRONGER ? ' checked="checked"' : '';
58
	if($checkQuality0.$checkQuality1.$checkQuality2.$checkQuality3.$checkQuality4 == '') {
59
		$checkQuality2 = ' checked="checked"';
60
	}
61
// preselect hash type
62
	$checkCrypt0 = $crypt == 0 ? ' checked="checked"' : '';
63
	$checkCrypt1 = $crypt == 1 ? ' checked="checked"' : '';
64
	$checkCrypt2 = $crypt == 2 ? ' checked="checked"' : '';
65
	$bcryptActive = ( (method_exists('PasswordHash', '_GenSaltSha512') && CRYPT_SHA512 == 1) ||
66
	                  (method_exists('PasswordHash', '_GenSaltBlowfish') && CRYPT_BLOWFISH == 1) ||
67
	                  (method_exists('PasswordHash', '_GenSaltExtended') && CRYPT_EXT_DES == 1) );
68
	$bcryptActive = $bcryptActive ? '' : ' style="display: none;"';
69
// create encryption loops option-list
70
	$loopsOptions = '';
71
	for($x = $minLoops; $x <= $maxLoops; $x++) {
72
		$curr = ($x == $loops ? ' selected="selected"' : '');
73
		$loopsOptions .= '<option value="'.$x.'"'.$curr.'>2^'.$x.' ('.number_format(pow(2, $x), 0, ',', '.').')&nbsp;&nbsp;</option>'."\n";
74
	}
37 75

  
38
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
76
// autodetect language
77
	$lang = 'en';
78
	if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) && strlen($_SERVER['HTTP_ACCEPT_LANGUAGE'])>2) {
79
		$lang = strtolower(substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2));
80
	}
81
// define language translation tables
82
	$TXT = array(
83
		'en' => array(
84
			'pw_title'      => 'Password-Generator',
85
			'pw_quality'    => 'Quality of password',
86
			'pw_quality_0'  => 'bad',
87
			'pw_quality_1'  => 'weak',
88
			'pw_quality_2'  => 'good',
89
			'pw_quality_3'  => 'strong',
90
			'pw_quality_4'  => 'excellent',
91
			'pw_suggestion' => 'Our password suggestion',
92
			'pw_action'     => 'suggest password',
93
			'hg_title'      => 'Hash-Generator',
94
			'hg_text'       => 'Enter Text to hash',
95
			'hg_type'       => 'Kind of crypt',
96
			'hg_type_0'     => 'simple MD5 (very insecure)',
97
			'hg_type_1'     => 'MD5 + salt + rounds (relatively safe)',
98
			'hg_type_2'     => 'Ext-DES/Blowfish/SHA512 + rounds (high security)',
99
			'hg_loops'      => 'Number of rounds',
100
			'hg_copy'       => 'Hash to copy',
101
			'hg_action'     => 'calculate'
102
		),
103
		'de' => array(
104
			'pw_title'      => 'Passwort-Generator',
105
			'pw_quality'    => 'Qualität des Passwortes',
106
			'pw_quality_0'  => 'schlecht',
107
			'pw_quality_1'  => 'schwach',
108
			'pw_quality_2'  => 'gut',
109
			'pw_quality_3'  => 'stark',
110
			'pw_quality_4'  => 'exzellent',
111
			'pw_suggestion' => 'Unser Passwortvorschlag',
112
			'pw_action'     => 'Passwort vorschlagen',
113
			'hg_title'      => 'Hash-Generator',
114
			'hg_text'       => 'zu hashenden Text eingeben',
115
			'hg_type'       => 'Verschlüsselungsart',
116
			'hg_type_0'     => 'einfaches MD5 (sehr unsicher)',
117
			'hg_type_1'     => 'MD5 + Salz + mehrere Runden (relativ sicher)',
118
			'hg_type_2'     => 'Ext-DES/Blowfish/SHA512 + mehrere Runden (sehr sicher)',
119
			'hg_loops'      => 'Anzahl der Runden',
120
			'hg_copy'       => 'erzeugten Hash kopieren',
121
			'hg_action'     => 'berechnen'
122
		)
123
	);
124
// start screen output
125
?>
39 126
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
40 127
	<head>
41 128
		<title>PWH-Generator v.0.1</title>
......
53 140
			}
54 141
			body {
55 142
				text-align: center;
56
				padding-top: 4em;
143
				padding-top: 2em;
57 144
			}
58 145
			.body {
59 146
				width: 40em;
60 147
				margin: auto;
61 148
			}
62 149
			fieldset {
63
				padding: 1em 0;
150
				padding: 1em;
151
				text-align: left;
64 152
			}
65 153
			legend {
66 154
				font-size: 1.3em;
67 155
			}
68 156
			input {
69
				width: 90%;
70 157
				margin: 0.5em 0;
71 158
				padding: 3px;
72 159
				font-size: 1.2em;
160
				width: 97%;
161
				background-color: transparent;
73 162
			}
163
			input[type = "radio"] {
164
				display: inline;
165
			}
74 166
			#hash { font-size: 1em; }
75 167
		</style>
76
		<script type="text/javascript">
77
			function clearHash() {
78
				document.genhash.hash.value = "";
79
			}
80

  
81
		</script>
82 168
	</head>
83 169
	<body>
84 170
		<div class="body">
85 171
			<h1>PWH-Generator v.0.1</h1>
86 172
			<fieldset>
87
				<legend>&nbsp;Password-Generator&nbsp;</legend>
173
				<legend>&nbsp;<?php echo $TXT[$lang]['pw_title']; ?>&nbsp;</legend>
88 174
				<form  method="post" name="genpass" action="">
89 175
					<input type="hidden" name="action" value="pass" />
90
					<label for="length">length of password </label>&nbsp;&nbsp;
91
					<input type="radio" name="length" value="6">06</input>&nbsp;
92
					<input type="radio" name="length" value="8" checked="checked">08</input>&nbsp;
93
					<input type="radio" name="length" value="10">10</input>&nbsp;
94
					<input type="radio" name="length" value="12">12</input>&nbsp;
95
					<input type="radio" name="length" value="14">14</input>&nbsp;
96
					<input type="radio" name="length" value="16">16</input>&nbsp;
97
					<input type="radio" name="length" value="18">18</input>&nbsp;
98
					<input type="radio" name="length" value="20">20</input>&nbsp;<br /><br />
99
					<label for="pass">Our password suggestion</label><br />
176
					<input type="hidden" name="crypt" value="<?php echo $crypt; ?>" />
177
					<input type="hidden" name="loops" value="<?php echo $loops; ?>" />
178
					<label for="length"><strong><?php echo $TXT[$lang]['pw_quality']; ?></strong></label><br />
179
					<input type="radio" id="length0" name="length" value="<?php echo PasswordHash::SECURITY_WEAK.'"'.$checkQuality0; ?>>
180
						&nbsp;<label for="length0"><?php echo $TXT[$lang]['pw_quality_0']; ?></label></input>&nbsp;&nbsp;
181
					<input type="radio" id="length1" name="length" value="<?php echo PasswordHash::SECURITY_MEDIUM.'"'.$checkQuality1; ?>>
182
						&nbsp;<label for="length1"><?php echo $TXT[$lang]['pw_quality_1']; ?></label></input>&nbsp;&nbsp;
183
					<input type="radio" id="length2" name="length" value="<?php echo PasswordHash::SECURITY_NORMAL.'"'.$checkQuality2; ?>>
184
						&nbsp;<label for="length2"><?php echo $TXT[$lang]['pw_quality_2']; ?></label></input>&nbsp;&nbsp;
185
					<input type="radio" id="length3" name="length" value="<?php echo PasswordHash::SECURITY_STRONG.'"'.$checkQuality3; ?>>
186
						&nbsp;<label for="length3"><?php echo $TXT[$lang]['pw_quality_3']; ?></label></input>&nbsp;&nbsp;
187
					<input type="radio" id="length4" name="length" value="<?php echo PasswordHash::SECURITY_STRONGER.'"'.$checkQuality4; ?>>
188
						&nbsp;<label for="length4"><?php echo $TXT[$lang]['pw_quality_4']; ?></label></input>&nbsp;<br /><br />
189
					<label for="pass"><strong><?php echo $TXT[$lang]['pw_suggestion']; ?></strong></label><br />
100 190
					<input type="text" id="pass" name="pass" value="<?php echo $newpass; ?>" readonly="readonly" /><br /><br />
101
					<input name="submit" id="submit1" type="submit" value="suggest password" />
191
					<input name="submit" id="submit1" type="submit" value="<?php echo $TXT[$lang]['pw_action']; ?>" />
102 192
				</form>
103 193
			</fieldset><br /><br />
104
			<fieldset>
105
				<legend>&nbsp;Hash-Generator&nbsp;</legend>
194
			<fieldset id="setHash" style="position: relative; background: url('warten.gif') -1000px no-repeat;">
195
				<legend>&nbsp;<?php echo $TXT[$lang]['hg_title']; ?>&nbsp;</legend>
106 196
				<form  method="post" name="genhash" action="">
107 197
					<input type="hidden" name="action" value="hash" />
108
					<label for="pass">Enter Text to hash</label><br />
109
					<input type="text" id="pass" name="pass" value="<?php echo $pass; ?>" onkeypress="clearHash();" /><br />
110
					<label for="hash">Hash to copy</label><br />
111
					<input type="text" id="hash" name="hash" value="<?php echo $hash; ?>" readonly="readonly" /><br /><br />
112
					<input name="submit" id="submit0" type="submit" value="calculate hash" />
198
					<input type="hidden" name="length" value="<?php echo $length; ?>" />
199
					<label for="pass"><strong><?php echo $TXT[$lang]['hg_text']; ?></strong></label><br />
200
					<input type="text" id="hgpass" name="pass" value="<?php echo $pass; ?>" /><br />
201
					<strong><?php echo $TXT[$lang]['hg_type']; ?></strong><br />
202
					<input type="radio" id="crypt0" name="crypt" value="0"<?php echo $checkCrypt0; ?>>&nbsp;
203
						<label for="crypt0"><?php echo $TXT[$lang]['hg_type_0']; ?></label></input><br />
204
					<input type="radio" id="crypt1" name="crypt" value="1"<?php echo $checkCrypt1; ?>>&nbsp;
205
						<label for="crypt1"><?php echo $TXT[$lang]['hg_type_1']; ?></label></input><br />
206
					<span<?php echo $bcryptActive; ?>>
207
						<input type="radio" id="crypt2" name="crypt" value="2"<?php echo $checkCrypt2; ?>>&nbsp;
208
							<label for="crypt2"><?php echo $TXT[$lang]['hg_type_2']; ?></label></input>
209
					</span>
210
					<br />
211
					<div id="loopsbox">
212
						<select name="loops">
213
							<?php echo $loopsOptions; ?>
214
						</select>&nbsp;&nbsp;<?php echo $TXT[$lang]['hg_loops']?><br /><br />
215
					</div>
216
					<br />
217
					<label for="hash"><strong><?php echo $TXT[$lang]['hg_copy']; ?></strong></label>
218
					<div>
219
						<input type="text" id="hash" name="hash" value="<?php echo $hash; ?>" readonly="readonly" />
220
					</div>
221
					<br />
222
					<input name="submit" id="submit0" type="submit" value="<?php echo $TXT[$lang]['hg_action']; ?>" />
113 223
				</form>
114 224
			</fieldset>
225
			<span style="font-size: 0.7em">
226
				&copy;2011&nbsp;<a href="http://isteasy.de/" title="ISTeasy-project"><span style="font-style: italic; fontweight: bold;">
227
					<span style="color: #aa0000;">IST</span>easy</span>-project</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
228
				<a href="http://creativecommons.org/licenses/by-sa/3.0/" title="Creative Commons BY-SA 3.0">
229
					Creative Commons BY-SA 3.0</a>
230
			</span>
115 231
		</div>
232

  
233
<script type="text/javascript">
234
/* <![CDATA[ */
235
	function showWait() {
236
		document.getElementById('setHash').style.backgroundPosition = 'center';
237
	}
238

  
239
	function clearHash() {
240
		document.getElementById('hash').value = "";
241
	}
242

  
243
	function showLoops() {
244
		if (document.getElementById("crypt0").checked == true) {
245
			document.getElementById("loopsbox").style.display = 'none';
246
		}else {
247
			document.getElementById("loopsbox").style.display = 'block';
248
		}
249
	}
250
	showLoops();
251
	document.getElementById('crypt0').addEventListener("click", showLoops, false);
252
	document.getElementById('crypt1').addEventListener("click", showLoops, false);
253
	document.getElementById('crypt2').addEventListener("click", showLoops, false);
254
	document.getElementById('hgpass').addEventListener("keypress", clearHash, false);
255
	document.getElementById('submit0').addEventListener("click", showWait, false);
256
/* ]]> */
257
</script>
258

  
116 259
	</body>
117 260
</html>
118 261
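Review bot: The new text field at new line 200 prints `$pass` straight into a `value="…"` attribute, and `$pass` is `trim($_POST['pass'])` with no escaping, so a submitted value containing a double quote breaks out of the attribute (reflected XSS); the same applies to `$newpass` at new line 190 when the action is `hash`. Escape at output: `value="<?php echo htmlspecialchars($pass, ENT_QUOTES); ?>"`, and likewise for `$newpass`. `$length` is only passed through `intval()` before `PasswordHash::NewPassword($length)`, so an upper clamp such as `if($length > PasswordHash::SECURITY_STRONGER) { $length = PasswordHash::SECURITY_STRONGER; }` would stop a single request from asking for an arbitrarily long password. `$lang` is taken from the Accept-Language header and used as a key of `$TXT`, which only defines `en` and `de`; add `if(!isset($TXT[$lang])) { $lang = 'en'; }` after the table.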

  
