Index: branches/2.8.x/CHANGELOG
===================================================================
--- branches/2.8.x/CHANGELOG	(revision 1511)
+++ branches/2.8.x/CHANGELOG	(revision 1512)
@@ -12,6 +12,8 @@
 
 =============================== FEATURES FREEZE ================================
 ----------------------------------- Fixes 2.8.2 --------------------------------
+24 Sep-2011 Build 1512 Werner v.d.Decken(DarkViper)
+! settings for pwgen updated
 14 Sep-2011 Build 1511 Dietmar Woellbrink (Luisehahne)
 # fixed strict notice warning in class.wb
 ! change editor for intropage to editarea
Index: branches/2.8.x/wb/admin/interface/version.php
===================================================================
--- branches/2.8.x/wb/admin/interface/version.php	(revision 1511)
+++ branches/2.8.x/wb/admin/interface/version.php	(revision 1512)
@@ -52,4 +52,4 @@
 
 // check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
 if(!defined('VERSION')) define('VERSION', '2.8.2');
-if(!defined('REVISION')) define('REVISION', '1511');
+if(!defined('REVISION')) define('REVISION', '1512');
Index: branches/2.8.x/wb/framework/PasswordHash.php
===================================================================
--- branches/2.8.x/wb/framework/PasswordHash.php	(revision 1511)
+++ branches/2.8.x/wb/framework/PasswordHash.php	(revision 1512)
@@ -12,6 +12,7 @@
  *
  * this class works with salted md5-hashes with several rounds. 
  * For backward compatibility it can compare normal md5-hashes also.
+ * Minimum requirements: PHP 5.2.2 or higher
  *
  * *****************************************************************************
  * This class is based on the Portable PHP password hashing framework.
@@ -23,6 +24,11 @@
  */
 class PasswordHash {
 
+	const SECURITY_WEAK      = 6;
+	const SECURITY_MEDIUM    = 8;
+	const SECURITY_NORMAL    = 10;
+	const SECURITY_STRONG    = 12;
+	const SECURITY_STRONGER  = 16;
 
 	private $_itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
 	private $_iterationCountLog2 = 8;
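Review bot: The new `SECURITY_*` constants have no comment stating their unit, and they sit directly above `$_iterationCountLog2 = 8`, so the values 6 to 16 are easy to misread as hash cost factors. Judging by the `NewPassword($length = self::SECURITY_MEDIUM)` default later in this commit, they are password lengths in characters. I would add a line above them such as `// password lengths in characters for NewPassword(); unrelated to the iteration count`. Renaming them to `LENGTH_*` would also work if no caller outside this commit depends on the names yet.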
@@ -91,8 +97,7 @@
 	private function _GenSaltPrivate($input)
 	{
 		$output = '$P$';
-		$output .= $this->_itoa64[min($this->_iterationCountLog2 +
-		                          ((PHP_VERSION >= '5') ? 5 : 3), 30)];
+		$output .= $this->_itoa64[min($this->_iterationCountLog2 + 5, 30)];
 		$output .= $this->_Encode64($input, 6);
 		return $output;
 	}
@@ -123,17 +128,10 @@
 		# in PHP would result in much worse performance and
 		# consequently in lower iteration counts and hashes that are
 		# quicker to crack (by non-PHP code).
-		if (PHP_VERSION >= '5') {
-			$hash = md5($salt . $password, TRUE);
-			do {
-				$hash = md5($hash . $password, TRUE);
-			} while (--$count);
-		} else {
-			$hash = pack('H*', md5($salt . $password));
-			do {
-				$hash = pack('H*', md5($hash . $password));
-			} while (--$count);
-		}
+		$hash = md5($salt . $password, TRUE);
+		do {
+			$hash = md5($hash . $password, TRUE);
+		} while (--$count);
 		$output = substr($setting, 0, 12);
 		$output .= $this->_Encode64($hash, 16);
 		return $output;
@@ -144,8 +142,9 @@
 	 * @param string $password password as original string
 	 * @return string generated hash | '*' on error
 	 */
-	public function HashPassword($password)
+	public function HashPassword($password, $md5 = false)
 	{
+		if ($md5) { return(md5($password)); }
 		$random = '';
 		if (strlen($random) < 6) {
 			$random = $this->_getRandomBytes(6);
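Review bot: The new `$md5` flag makes `HashPassword()` return a plain unsalted, single-round `md5($password)`, and the docblock above still documents only `$password`. A hash in that form has none of the salt or stretching this class exists to provide, so a caller that passes `true` by mistake stores a much weaker credential with nothing in the API to warn about it. At minimum document it: `@param bool $md5 true = legacy unsalted md5 for backward compatibility only, never for storing new passwords`. A separate, explicitly named method for the legacy format would keep a stray second argument from weakening the default path. The body of HashPassword continues past this hunk.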
@@ -185,7 +184,7 @@
 	 * @param int $length length of the generated password. default = 8
 	 * @return string
 	 */
-	public static function NewPassword($length = 8)
+	public static function NewPassword($length = self::SECURITY_MEDIUM)
 	{
 		$chars = array(
 			array('b','c','d','f','g','h','j','k','l','m','n','p','r','s','t','v','w','x','y','z'),
@@ -192,6 +191,7 @@
 			array('a','e','i','o','u'),
 			array('!','-','@','_',':','.','+','%','/','*')
 		);
+		if($length < self::SECURITY_WEAK) { $length = self::SECURITY_WEAK; }
 		$length = ceil($length / 2);
 		$Password = array();
 	// at first fill array alternating with vowels and consonants
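Review bot: The added clamp on `$length` enforces only the minimum; nothing caps the maximum, and the code below builds one array element per character. In `pwgen.php` in this same commit the value arrives as `intval($_POST['length'])` with no range check, unlike `$crypt` and `$loops`, so one request can ask for an arbitrarily long password and hold CPU and memory until PHP's own limits stop it. I would bound it where the input is read, e.g. `if($length > PasswordHash::SECURITY_STRONGER) { $length = PasswordHash::SECURITY_STRONGER; }`, or add a documented maximum next to this clamp. NewPassword's body continues outside the hunk.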
@@ -200,18 +200,33 @@
 			$Password[] = $char == 'l' ? 'L' : $char;
 			$Password[] = $chars[1][rand(1000, 10000) % sizeof($chars[1])];
 		}
-	// transform 2 random chars into uppercase
-		for($x = 0; $x < 2; $x++) {
-			$pos = rand(1000, 10000) % sizeof($Password);
+	// transform some random chars into uppercase
+		$pos = ((rand(1000, 10000) % 3) + 1);
+		while($pos < sizeof($Password)) {
 			$Password[$pos] = ($Password[$pos] == 'i' || $Password[$pos] == 'o')
 			                  ? $Password[$pos] : strtoupper($Password[$pos]);
+			$pos += ((rand(1000, 10000) % 3) + 1);
 		}
-	// randomly insert one special char, but not at position 0 or as last char
-		$pos = (rand(1000, 10000) % (sizeof($Password)-2))+1;
-		$Password[$pos] = $chars[2][rand(1000, 10000) % sizeof($chars[2])];
-	// randomly insert a numeric char, between 1 and 9
-		$pos = rand(1000, 10000) % sizeof($Password);
-		$Password[$pos] = (rand(1000, 10000) % 9) + 1;
+	// insert some numeric chars, between 1 and 9
+		$specialChars = array();
+		$specialCharsCount = floor(sizeof($Password) / 4);
+		while(sizeof($specialChars) < $specialCharsCount) {
+			$key = (rand(1000, 10000) % sizeof($Password));
+			if(!isset($specialChars[$key])) {
+				$specialChars[$key] = (rand(1000, 10000) % 9) + 1;
+			}
+		}
+	// insert some punctuation chars, but not leading or trailing
+		$specialCharsCount += floor((sizeof($Password)-1) / 6);
+		while(sizeof($specialChars) < $specialCharsCount) {
+			$key = (rand(1000, 10000) % (sizeof($Password)-2))+1;
+			if(!isset($specialChars[$key])) {
+				$specialChars[$key] = $chars[2][(rand(1000, 10000) % sizeof($chars[2]))];
+			}
+		}
+		foreach($specialChars as $key=>$val) {
+			$Password[$key] = $val;
+		}
 
 		return implode($Password);
 	}
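Review bot: Every position and character choice in the rewritten generator still comes from `rand(1000, 10000) % n`, which is not a cryptographically secure source and is slightly biased because 9001 values do not divide evenly by the set sizes. For a function whose output is offered as a password, that makes the result more predictable than its length and the "quality" labels suggest. I would route all index selection through one small private static helper that draws from an OS-backed random source and reduces without bias. The class already calls `_getRandomBytes()` for salts, but its implementation is not visible here and it is an instance method, so whether it can be reused from this static method needs checking. If the generator has to stay on `rand()` for compatibility, a comment such as `// NOTE: rand() is not a CSPRNG; suggestions are convenience values only` should say so.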
Index: branches/2.8.x/wb/warten.gif
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream

Property changes on: branches/2.8.x/wb/warten.gif
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Index: branches/2.8.x/wb/pwgen.php
===================================================================
--- branches/2.8.x/wb/pwgen.php	(revision 1511)
+++ branches/2.8.x/wb/pwgen.php	(revision 1512)
@@ -1,3 +1,4 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <?php
 /**
  * @category     Core
@@ -10,32 +11,118 @@
  * @since        Datei vorhanden seit Release 2.8.2
  * @lastmodified $Date:$
  *
- * this class works with salted md5-hashes with several rounds. 
- * For backward compatibility it can compare normal md5-hashes also.
+ * This generator is based on the class PasswordHash (c)2011 ISTeasy
+ * It generates very strong Passwords and calculates several hashes also.
  *
  */
- $path2class = './framework/PasswordHash.php';
+
+	$minLoops = 8;
+	$maxLoops = 16;
+	$path2class = './framework/PasswordHash.php';
+	include $path2class;
 	$newpass = '';
 	$pass    = '';
 	$hash    = '';
-
-	include $path2class;
+// ** sanitize arguments
+// length of password
+	if(!isset($_POST['length']) ) { $_POST['length'] = PasswordHash::SECURITY_NORMAL; }
+	$length = intval($_POST['length']);
+// crypt type of hash
+	if(!isset($_POST['crypt']) ) { $_POST['crypt'] = 2; }
+	$crypt = intval($_POST['crypt']);
+	if($crypt < 0 || $crypt > 2) { $crypt = 2; }
+// number of encryption loops
+	if(!isset($_POST['loops']) ) { $_POST['loops'] = 0; }
+	$loops = intval($_POST['loops']);
+	if($loops < $minLoops || $loops > $maxLoops) { $loops =  $minLoops + floor(($maxLoops - $minLoops) / 2); }
+// requested action
 	if(!isset($_POST['action']) ) { $_POST['action'] = 'pass'; }
+// select actions
 	if($_POST['action'] == 'hash') {
 		if(isset($_POST['pass']) && trim($_POST['pass']) != '') {
 			$pass = trim($_POST['pass']);
 			$newpass = $pass;
-			$ph = new PasswordHash(12);
-			$hash = $ph->HashPassword($pass);
+			$ph = new PasswordHash($loops, ($crypt == 1));
+			$hash = $ph->HashPassword($pass, ($crypt == 0) );
 		}
 	}else {
-		if(!isset($_POST['length']) ) { $_POST['length'] = 8; }
-		$length = intval($_POST['length']);
 		$newpass = PasswordHash::NewPassword($length);
 		$pass = $newpass;
 	}
+// preselect length of password
+	$checkQuality0 = $length == PasswordHash::SECURITY_WEAK ? ' checked="checked"' : '';
+	$checkQuality1 = $length == PasswordHash::SECURITY_MEDIUM ? ' checked="checked"' : '';
+	$checkQuality2 = $length == PasswordHash::SECURITY_NORMAL ? ' checked="checked"' : '';
+	$checkQuality3 = $length == PasswordHash::SECURITY_STRONG ? ' checked="checked"' : '';
+	$checkQuality4 = $length == PasswordHash::SECURITY_STRONGER ? ' checked="checked"' : '';
+	if($checkQuality0.$checkQuality1.$checkQuality2.$checkQuality3.$checkQuality4 == '') {
+		$checkQuality2 = ' checked="checked"';
+	}
+// preselect hash type
+	$checkCrypt0 = $crypt == 0 ? ' checked="checked"' : '';
+	$checkCrypt1 = $crypt == 1 ? ' checked="checked"' : '';
+	$checkCrypt2 = $crypt == 2 ? ' checked="checked"' : '';
+	$bcryptActive = ( (method_exists('PasswordHash', '_GenSaltSha512') && CRYPT_SHA512 == 1) ||
+	                  (method_exists('PasswordHash', '_GenSaltBlowfish') && CRYPT_BLOWFISH == 1) ||
+	                  (method_exists('PasswordHash', '_GenSaltExtended') && CRYPT_EXT_DES == 1) );
+	$bcryptActive = $bcryptActive ? '' : ' style="display: none;"';
+// create encryption loops option-list
+	$loopsOptions = '';
+	for($x = $minLoops; $x <= $maxLoops; $x++) {
+		$curr = ($x == $loops ? ' selected="selected"' : '');
+		$loopsOptions .= '<option value="'.$x.'"'.$curr.'>2^'.$x.' ('.number_format(pow(2, $x), 0, ',', '.').')&nbsp;&nbsp;</option>'."\n";
+	}
 
-?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+// autodetect language
+	$lang = 'en';
+	if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) && strlen($_SERVER['HTTP_ACCEPT_LANGUAGE'])>2) {
+		$lang = strtolower(substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2));
+	}
+// define language translation tables
+	$TXT = array(
+		'en' => array(
+			'pw_title'      => 'Password-Generator',
+			'pw_quality'    => 'Quality of password',
+			'pw_quality_0'  => 'bad',
+			'pw_quality_1'  => 'weak',
+			'pw_quality_2'  => 'good',
+			'pw_quality_3'  => 'strong',
+			'pw_quality_4'  => 'excellent',
+			'pw_suggestion' => 'Our password suggestion',
+			'pw_action'     => 'suggest password',
+			'hg_title'      => 'Hash-Generator',
+			'hg_text'       => 'Enter Text to hash',
+			'hg_type'       => 'Kind of crypt',
+			'hg_type_0'     => 'simple MD5 (very insecure)',
+			'hg_type_1'     => 'MD5 + salt + rounds (relatively safe)',
+			'hg_type_2'     => 'Ext-DES/Blowfish/SHA512 + rounds (high security)',
+			'hg_loops'      => 'Number of rounds',
+			'hg_copy'       => 'Hash to copy',
+			'hg_action'     => 'calculate'
+		),
+		'de' => array(
+			'pw_title'      => 'Passwort-Generator',
+			'pw_quality'    => 'Qualität des Passwortes',
+			'pw_quality_0'  => 'schlecht',
+			'pw_quality_1'  => 'schwach',
+			'pw_quality_2'  => 'gut',
+			'pw_quality_3'  => 'stark',
+			'pw_quality_4'  => 'exzellent',
+			'pw_suggestion' => 'Unser Passwortvorschlag',
+			'pw_action'     => 'Passwort vorschlagen',
+			'hg_title'      => 'Hash-Generator',
+			'hg_text'       => 'zu hashenden Text eingeben',
+			'hg_type'       => 'Verschlüsselungsart',
+			'hg_type_0'     => 'einfaches MD5 (sehr unsicher)',
+			'hg_type_1'     => 'MD5 + Salz + mehrere Runden (relativ sicher)',
+			'hg_type_2'     => 'Ext-DES/Blowfish/SHA512 + mehrere Runden (sehr sicher)',
+			'hg_loops'      => 'Anzahl der Runden',
+			'hg_copy'       => 'erzeugten Hash kopieren',
+			'hg_action'     => 'berechnen'
+		)
+	);
+// start screen output
+?>
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
 	<head>
 		<title>PWH-Generator v.0.1</title>
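Review bot: `$lang` is set from the first two characters of the `Accept-Language` header and is then used unchecked as a key into `$TXT`, which defines only `en` and `de`. Any browser sending another language (or arbitrary header content) makes every `$TXT[$lang][...]` lookup in the template below hit an undefined index, giving empty labels and PHP notices. After the table is defined, add `if(!isset($TXT[$lang])) { $lang = 'en'; }` so the header value can only select an existing translation. The `<html ... lang="de">` attribute is also still hard-coded and could be switched to the validated `$lang`.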
@@ -53,7 +140,7 @@
 			}
 			body {
 				text-align: center;
-				padding-top: 4em;
+				padding-top: 2em;
 			}
 			.body {
 				width: 40em;
@@ -60,59 +147,115 @@
 				margin: auto;
 			}
 			fieldset {
-				padding: 1em 0;
+				padding: 1em;
+				text-align: left;
 			}
 			legend {
 				font-size: 1.3em;
 			}
 			input {
-				width: 90%;
 				margin: 0.5em 0;
 				padding: 3px;
 				font-size: 1.2em;
+				width: 97%;
+				background-color: transparent;
 			}
+			input[type = "radio"] {
+				display: inline;
+			}
 			#hash { font-size: 1em; }
 		</style>
-		<script type="text/javascript">
-			function clearHash() {
-				document.genhash.hash.value = "";
-			}
-
-		</script>
 	</head>
 	<body>
 		<div class="body">
 			<h1>PWH-Generator v.0.1</h1>
 			<fieldset>
-				<legend>&nbsp;Password-Generator&nbsp;</legend>
+				<legend>&nbsp;<?php echo $TXT[$lang]['pw_title']; ?>&nbsp;</legend>
 				<form  method="post" name="genpass" action="">
 					<input type="hidden" name="action" value="pass" />
-					<label for="length">length of password </label>&nbsp;&nbsp;
-					<input type="radio" name="length" value="6">06</input>&nbsp;
-					<input type="radio" name="length" value="8" checked="checked">08</input>&nbsp;
-					<input type="radio" name="length" value="10">10</input>&nbsp;
-					<input type="radio" name="length" value="12">12</input>&nbsp;
-					<input type="radio" name="length" value="14">14</input>&nbsp;
-					<input type="radio" name="length" value="16">16</input>&nbsp;
-					<input type="radio" name="length" value="18">18</input>&nbsp;
-					<input type="radio" name="length" value="20">20</input>&nbsp;<br /><br />
-					<label for="pass">Our password suggestion</label><br />
+					<input type="hidden" name="crypt" value="<?php echo $crypt; ?>" />
+					<input type="hidden" name="loops" value="<?php echo $loops; ?>" />
+					<label for="length"><strong><?php echo $TXT[$lang]['pw_quality']; ?></strong></label><br />
+					<input type="radio" id="length0" name="length" value="<?php echo PasswordHash::SECURITY_WEAK.'"'.$checkQuality0; ?>>
+						&nbsp;<label for="length0"><?php echo $TXT[$lang]['pw_quality_0']; ?></label></input>&nbsp;&nbsp;
+					<input type="radio" id="length1" name="length" value="<?php echo PasswordHash::SECURITY_MEDIUM.'"'.$checkQuality1; ?>>
+						&nbsp;<label for="length1"><?php echo $TXT[$lang]['pw_quality_1']; ?></label></input>&nbsp;&nbsp;
+					<input type="radio" id="length2" name="length" value="<?php echo PasswordHash::SECURITY_NORMAL.'"'.$checkQuality2; ?>>
+						&nbsp;<label for="length2"><?php echo $TXT[$lang]['pw_quality_2']; ?></label></input>&nbsp;&nbsp;
+					<input type="radio" id="length3" name="length" value="<?php echo PasswordHash::SECURITY_STRONG.'"'.$checkQuality3; ?>>
+						&nbsp;<label for="length3"><?php echo $TXT[$lang]['pw_quality_3']; ?></label></input>&nbsp;&nbsp;
+					<input type="radio" id="length4" name="length" value="<?php echo PasswordHash::SECURITY_STRONGER.'"'.$checkQuality4; ?>>
+						&nbsp;<label for="length4"><?php echo $TXT[$lang]['pw_quality_4']; ?></label></input>&nbsp;<br /><br />
+					<label for="pass"><strong><?php echo $TXT[$lang]['pw_suggestion']; ?></strong></label><br />
 					<input type="text" id="pass" name="pass" value="<?php echo $newpass; ?>" readonly="readonly" /><br /><br />
-					<input name="submit" id="submit1" type="submit" value="suggest password" />
+					<input name="submit" id="submit1" type="submit" value="<?php echo $TXT[$lang]['pw_action']; ?>" />
 				</form>
 			</fieldset><br /><br />
-			<fieldset>
-				<legend>&nbsp;Hash-Generator&nbsp;</legend>
+			<fieldset id="setHash" style="position: relative; background: url('warten.gif') -1000px no-repeat;">
+				<legend>&nbsp;<?php echo $TXT[$lang]['hg_title']; ?>&nbsp;</legend>
 				<form  method="post" name="genhash" action="">
 					<input type="hidden" name="action" value="hash" />
-					<label for="pass">Enter Text to hash</label><br />
-					<input type="text" id="pass" name="pass" value="<?php echo $pass; ?>" onkeypress="clearHash();" /><br />
-					<label for="hash">Hash to copy</label><br />
-					<input type="text" id="hash" name="hash" value="<?php echo $hash; ?>" readonly="readonly" /><br /><br />
-					<input name="submit" id="submit0" type="submit" value="calculate hash" />
+					<input type="hidden" name="length" value="<?php echo $length; ?>" />
+					<label for="pass"><strong><?php echo $TXT[$lang]['hg_text']; ?></strong></label><br />
+					<input type="text" id="hgpass" name="pass" value="<?php echo $pass; ?>" /><br />
+					<strong><?php echo $TXT[$lang]['hg_type']; ?></strong><br />
+					<input type="radio" id="crypt0" name="crypt" value="0"<?php echo $checkCrypt0; ?>>&nbsp;
+						<label for="crypt0"><?php echo $TXT[$lang]['hg_type_0']; ?></label></input><br />
+					<input type="radio" id="crypt1" name="crypt" value="1"<?php echo $checkCrypt1; ?>>&nbsp;
+						<label for="crypt1"><?php echo $TXT[$lang]['hg_type_1']; ?></label></input><br />
+					<span<?php echo $bcryptActive; ?>>
+						<input type="radio" id="crypt2" name="crypt" value="2"<?php echo $checkCrypt2; ?>>&nbsp;
+							<label for="crypt2"><?php echo $TXT[$lang]['hg_type_2']; ?></label></input>
+					</span>
+					<br />
+					<div id="loopsbox">
+						<select name="loops">
+							<?php echo $loopsOptions; ?>
+						</select>&nbsp;&nbsp;<?php echo $TXT[$lang]['hg_loops']?><br /><br />
+					</div>
+					<br />
+					<label for="hash"><strong><?php echo $TXT[$lang]['hg_copy']; ?></strong></label>
+					<div>
+						<input type="text" id="hash" name="hash" value="<?php echo $hash; ?>" readonly="readonly" />
+					</div>
+					<br />
+					<input name="submit" id="submit0" type="submit" value="<?php echo $TXT[$lang]['hg_action']; ?>" />
 				</form>
 			</fieldset>
+			<span style="font-size: 0.7em">
+				&copy;2011&nbsp;<a href="http://isteasy.de/" title="ISTeasy-project"><span style="font-style: italic; fontweight: bold;">
+					<span style="color: #aa0000;">IST</span>easy</span>-project</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+				<a href="http://creativecommons.org/licenses/by-sa/3.0/" title="Creative Commons BY-SA 3.0">
+					Creative Commons BY-SA 3.0</a>
+			</span>
 		</div>
+
+<script type="text/javascript">
+/* <![CDATA[ */
+	function showWait() {
+		document.getElementById('setHash').style.backgroundPosition = 'center';
+	}
+
+	function clearHash() {
+		document.getElementById('hash').value = "";
+	}
+
+	function showLoops() {
+		if (document.getElementById("crypt0").checked == true) {
+			document.getElementById("loopsbox").style.display = 'none';
+		}else {
+			document.getElementById("loopsbox").style.display = 'block';
+		}
+	}
+	showLoops();
+	document.getElementById('crypt0').addEventListener("click", showLoops, false);
+	document.getElementById('crypt1').addEventListener("click", showLoops, false);
+	document.getElementById('crypt2').addEventListener("click", showLoops, false);
+	document.getElementById('hgpass').addEventListener("keypress", clearHash, false);
+	document.getElementById('submit0').addEventListener("click", showWait, false);
+/* ]]> */
+</script>
+
 	</body>
 </html>
 
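Review bot: The `hgpass` field prints `<?php echo $pass; ?>` straight into a `value="..."` attribute, and `$pass` is `trim($_POST['pass'])` from the hash branch earlier in this file, so submitted text is reflected into the page without HTML escaping. A value containing a double quote breaks out of the attribute, which is a reflected cross-site-scripting exposure. Escape at output: `value="<?php echo htmlspecialchars($pass, ENT_QUOTES); ?>"`. The unchanged `name="pass"` field in the first form needs the same treatment, because `$newpass` is set to `$pass` in the hash branch. Escaping `$hash` as well costs nothing and keeps the template consistent.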
