Revision 1901
Added by darkviper over 12 years ago
| branches/2.8.x/CHANGELOG | ||
|---|---|---|
| 11 | 11 |
! = Update/Change |
| 12 | 12 |
=============================================================================== |
| 13 | 13 |
|
| 14 |
|
|
| 14 |
19 Apr-2013 Build 1901 Werner v.d.Decken(DarkViper) |
|
| 15 |
# little corrections in class Password |
|
| 15 | 16 |
18 Apr-2013 Build 1900 Werner v.d.Decken(DarkViper) |
| 16 | 17 |
+ Classes Password / PasswordHash Added for an essential strengthening of the password security |
| 17 | 18 |
04 Apr-2013 Build 1899 Dietmar Woellbrink (Luisehahne) |
| branches/2.8.x/wb/admin/interface/version.php | ||
|---|---|---|
| 51 | 51 |
|
| 52 | 52 |
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled) |
| 53 | 53 |
if(!defined('VERSION')) define('VERSION', '2.8.3');
|
| 54 |
if(!defined('REVISION')) define('REVISION', '1900');
|
|
| 54 |
if(!defined('REVISION')) define('REVISION', '1901');
|
|
| 55 | 55 |
if(!defined('SP')) define('SP', '');
|
| branches/2.8.x/wb/framework/initialize.php | ||
|---|---|---|
| 208 | 208 |
if(!function_exists('globalExceptionHandler')) {
|
| 209 | 209 |
include(dirname(__FILE__).'/globalExceptionHandler.php'); |
| 210 | 210 |
} |
| 211 |
// activate secure PasswordHashes |
|
| 212 |
if(!class_exists('PasswordHash')) {
|
|
| 213 |
include(dirname(dirname(__FILE__)).'/include/phpass/PasswordHash.php'); |
|
| 214 |
} |
|
| 215 | 211 |
// --------------------------- |
| 216 | 212 |
// Create global database instance --- |
| 217 | 213 |
$database = WbDatabase::getInstance(); |
| branches/2.8.x/wb/framework/Password.php | ||
|---|---|---|
| 36 | 36 |
*/ |
| 37 | 37 |
|
| 38 | 38 |
// use \vendors\phpass\PasswordHash; |
| 39 |
if(!class_exists('PasswordHash')) {
|
|
| 40 |
include(dirname(dirname(__FILE__)).'/include/phpass/PasswordHash.php'); |
|
| 41 |
} |
|
| 39 | 42 |
|
| 43 |
|
|
| 40 | 44 |
class Password extends PasswordHash |
| 41 | 45 |
//class Password extends v_phpass_PasswordHash |
| 42 | 46 |
{
|
| 43 | 47 |
|
| 44 | 48 |
const MIN_CRYPT_LOOPS = 6; // minimum numbers of loops is 2^6 (64) very, very quick |
| 45 |
const MAX_CRYPT_LOOPS = 32; // maximum numbers of loops is 2^32 (4,294,967,296) extremely slow
|
|
| 49 |
const MAX_CRYPT_LOOPS = 31; // maximum numbers of loops is 2^31 (2,147,483,648) extremely slow
|
|
| 46 | 50 |
const DEFAULT_CRYPT_LOOPS = 12; // default numbers of loopf is 2^12 (4096) a good average |
| 47 | 51 |
|
| 48 | 52 |
const HASH_TYPE_PORTABLE = true; // use MD5 only |
| ... | ... | |
| 59 | 63 |
const PW_USE_ALL = 0xFFFF; // use all possibilities |
| 60 | 64 |
|
| 61 | 65 |
/** |
| 66 |
* |
|
| 62 | 67 |
* @param int number of iterations as exponent of 2 (must be between 4 and 31) |
| 63 | 68 |
* @param bool TRUE = use MD5 only | FALSE = automatic |
| 64 | 69 |
*/ |
| ... | ... | |
| 70 | 75 |
* @param string password to hash |
| 71 | 76 |
* @return string generated hash. Null if failed. |
| 72 | 77 |
*/ |
| 73 |
public function HashPassword($sPassword)
|
|
| 78 |
public function hashPassword($sPassword)
|
|
| 74 | 79 |
{
|
| 75 | 80 |
$sNewHash = parent::HashPassword($sPassword); |
| 76 | 81 |
return ($sNewHash == '*') ? null : $sNewHash; |
| ... | ... | |
| 80 | 85 |
* @param string existing stored hash |
| 81 | 86 |
* @return bool true if PW matches the stored hash |
| 82 | 87 |
*/ |
| 83 |
public function CheckPassword($sPassword, $sStoredHash)
|
|
| 88 |
public function checkPassword($sPassword, $sStoredHash)
|
|
| 84 | 89 |
{
|
| 85 | 90 |
// compatibility layer for deprecated, simple and old MD5 hashes |
| 86 | 91 |
if(preg_match('/^[0-9a-f]{32}$/si', $sStoredHash)) {
|
Also available in: Unified diff
little corrections in class Password