Revision 1901
Added by darkviper over 11 years ago
branches/2.8.x/CHANGELOG | ||
---|---|---|
11 | 11 |
! = Update/Change |
12 | 12 |
=============================================================================== |
13 | 13 |
|
14 |
|
|
14 |
19 Apr-2013 Build 1901 Werner v.d.Decken(DarkViper) |
|
15 |
# little corrections in class Password |
|
15 | 16 |
18 Apr-2013 Build 1900 Werner v.d.Decken(DarkViper) |
16 | 17 |
+ Classes Password / PasswordHash Added for an essential strengthening of the password security |
17 | 18 |
04 Apr-2013 Build 1899 Dietmar Woellbrink (Luisehahne) |
branches/2.8.x/wb/admin/interface/version.php | ||
---|---|---|
51 | 51 |
|
52 | 52 |
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled) |
53 | 53 |
if(!defined('VERSION')) define('VERSION', '2.8.3'); |
54 |
if(!defined('REVISION')) define('REVISION', '1900');
|
|
54 |
if(!defined('REVISION')) define('REVISION', '1901');
|
|
55 | 55 |
if(!defined('SP')) define('SP', ''); |
branches/2.8.x/wb/framework/initialize.php | ||
---|---|---|
208 | 208 |
if(!function_exists('globalExceptionHandler')) { |
209 | 209 |
include(dirname(__FILE__).'/globalExceptionHandler.php'); |
210 | 210 |
} |
211 |
// activate secure PasswordHashes |
|
212 |
if(!class_exists('PasswordHash')) { |
|
213 |
include(dirname(dirname(__FILE__)).'/include/phpass/PasswordHash.php'); |
|
214 |
} |
|
215 | 211 |
// --------------------------- |
216 | 212 |
// Create global database instance --- |
217 | 213 |
$database = WbDatabase::getInstance(); |
branches/2.8.x/wb/framework/Password.php | ||
---|---|---|
36 | 36 |
*/ |
37 | 37 |
|
38 | 38 |
// use \vendors\phpass\PasswordHash; |
39 |
if(!class_exists('PasswordHash')) { |
|
40 |
include(dirname(dirname(__FILE__)).'/include/phpass/PasswordHash.php'); |
|
41 |
} |
|
39 | 42 |
|
43 |
|
|
40 | 44 |
class Password extends PasswordHash |
41 | 45 |
//class Password extends v_phpass_PasswordHash |
42 | 46 |
{ |
43 | 47 |
|
44 | 48 |
const MIN_CRYPT_LOOPS = 6; // minimum numbers of loops is 2^6 (64) very, very quick |
45 |
const MAX_CRYPT_LOOPS = 32; // maximum numbers of loops is 2^32 (4,294,967,296) extremely slow
|
|
49 |
const MAX_CRYPT_LOOPS = 31; // maximum numbers of loops is 2^31 (2,147,483,648) extremely slow
|
|
46 | 50 |
const DEFAULT_CRYPT_LOOPS = 12; // default numbers of loopf is 2^12 (4096) a good average |
47 | 51 |
|
48 | 52 |
const HASH_TYPE_PORTABLE = true; // use MD5 only |
... | ... | |
59 | 63 |
const PW_USE_ALL = 0xFFFF; // use all possibilities |
60 | 64 |
|
61 | 65 |
/** |
66 |
* |
|
62 | 67 |
* @param int number of iterations as exponent of 2 (must be between 4 and 31) |
63 | 68 |
* @param bool TRUE = use MD5 only | FALSE = automatic |
64 | 69 |
*/ |
... | ... | |
70 | 75 |
* @param string password to hash |
71 | 76 |
* @return string generated hash. Null if failed. |
72 | 77 |
*/ |
73 |
public function HashPassword($sPassword)
|
|
78 |
public function hashPassword($sPassword)
|
|
74 | 79 |
{ |
75 | 80 |
$sNewHash = parent::HashPassword($sPassword); |
76 | 81 |
return ($sNewHash == '*') ? null : $sNewHash; |
... | ... | |
80 | 85 |
* @param string existing stored hash |
81 | 86 |
* @return bool true if PW matches the stored hash |
82 | 87 |
*/ |
83 |
public function CheckPassword($sPassword, $sStoredHash)
|
|
88 |
public function checkPassword($sPassword, $sStoredHash)
|
|
84 | 89 |
{ |
85 | 90 |
// compatibility layer for deprecated, simple and old MD5 hashes |
86 | 91 |
if(preg_match('/^[0-9a-f]{32}$/si', $sStoredHash)) { |
Also available in: Unified diff
little corrections in class Password