Index: branches/2.8.x/CHANGELOG
===================================================================
--- branches/2.8.x/CHANGELOG (revision 1902)
+++ branches/2.8.x/CHANGELOG (revision 1903)
@@ -11,6 +11,9 @@
! = Update/Change
===============================================================================
+13 May-2013 Build 1903 Werner v.d.Decken(DarkViper)
+! some typofixes in class PassWord
+- class /framework/PasswordHash never needed(replaced by /include/phpass/PasswordHash
12 May-2013 Build 1902 Werner v.d.Decken(DarkViper)
+ added posssibility to use different adaptors for each module
+ added new adaptor to access language definitions in a MySQL database
Index: branches/2.8.x/wb/admin/interface/version.php
===================================================================
--- branches/2.8.x/wb/admin/interface/version.php (revision 1902)
+++ branches/2.8.x/wb/admin/interface/version.php (revision 1903)
@@ -51,5 +51,5 @@
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
if(!defined('VERSION')) define('VERSION', '2.8.3');
-if(!defined('REVISION')) define('REVISION', '1902');
+if(!defined('REVISION')) define('REVISION', '1903');
if(!defined('SP')) define('SP', '');
Index: branches/2.8.x/wb/framework/PasswordHash.php
===================================================================
--- branches/2.8.x/wb/framework/PasswordHash.php (revision 1902)
+++ branches/2.8.x/wb/framework/PasswordHash.php (nonexistent)
@@ -1,234 +0,0 @@
-
- * in 2004-2006 and placed in the public domain. Revised in subsequent years,
- * still public domain. There's absolutely no warranty.
- * The homepage URL for this framework is: http://www.openwall.com/phpass/
- * *****************************************************************************
- */
-class PasswordHash {
-
- const SECURITY_WEAK = 6;
- const SECURITY_MEDIUM = 8;
- const SECURITY_NORMAL = 10;
- const SECURITY_STRONG = 12;
- const SECURITY_STRONGER = 16;
-
- private $_itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
- private $_iterationCountLog2 = 8;
- private $_portableHashes = true;
- private $_randomState = '';
-
- /**
- * @param int $iterationCountLog2 number of iterations as exponent of 2
- * @param bool $portableHashes TRUE = use MD5 only | FALSE = automatic
- */
- public function __construct($iterationCountLog2, $portableHashes = true)
- {
-
- if ($iterationCountLog2 < 4 || $iterationCountLog2 > 31) {
- $iterationCountLog2 = 8;
- }
- $this->_iterationCountLog2 = $iterationCountLog2;
- $this->_portableHashes = $portableHashes;
- $this->_randomState = microtime();
- if (function_exists('getmypid')) {
- $this->_randomState .= getmypid();
- }
- }
-
-
- private function _getRandomBytes($count)
- {
- $output = '';
- if (is_readable('/dev/urandom') && ($fh = @fopen('/dev/urandom', 'rb'))) {
- $output = fread($fh, $count);
- fclose($fh);
- }
- if (strlen($output) < $count) {
- $output = '';
- for ($i = 0; $i < $count; $i += 16) {
- $this->_randomState = md5(microtime() . $this->_randomState);
- $output .= pack('H*', md5($this->_randomState));
- }
- $output = substr($output, 0, $count);
- }
- return $output;
- }
-
- private function _Encode64($input, $count)
- {
- $output = '';
- $i = 0;
- do {
- $value = ord($input[$i++]);
- $output .= $this->_itoa64[$value & 0x3f];
- if ($i < $count) {
- $value |= ord($input[$i]) << 8;
- }
- $output .= $this->_itoa64[($value >> 6) & 0x3f];
- if ($i++ >= $count) { break; }
- if ($i < $count) {
- $value |= ord($input[$i]) << 16;
- }
- $output .= $this->_itoa64[($value >> 12) & 0x3f];
- if ($i++ >= $count) { break; }
- $output .= $this->_itoa64[($value >> 18) & 0x3f];
- } while ($i < $count);
- return $output;
- }
-
- private function _GenSaltPrivate($input)
- {
- $output = '$P$';
- $output .= $this->_itoa64[min($this->_iterationCountLog2 + 5, 30)];
- $output .= $this->_Encode64($input, 6);
- return $output;
- }
-
- private function _CryptPrivate($password, $setting)
- {
- $output = '*0';
- if (substr($setting, 0, 2) == $output) {
- $output = '*1';
- }
- $id = substr($setting, 0, 3);
- # We use "$P$", phpBB3 uses "$H$" for the same thing
- if ($id != '$P$' && $id != '$H$') {
- return $output;
- }
- $count_log2 = strpos($this->_itoa64, $setting[3]);
- if ($count_log2 < 7 || $count_log2 > 30) {
- return $output;
- }
- $count = 1 << $count_log2;
- $salt = substr($setting, 4, 8);
- if (strlen($salt) != 8) {
- return $output;
- }
- # We're kind of forced to use MD5 here since it's the only
- # cryptographic primitive available in all versions of PHP
- # currently in use. To implement our own low-level crypto
- # in PHP would result in much worse performance and
- # consequently in lower iteration counts and hashes that are
- # quicker to crack (by non-PHP code).
- $hash = md5($salt . $password, TRUE);
- do {
- $hash = md5($hash . $password, TRUE);
- } while (--$count);
- $output = substr($setting, 0, 12);
- $output .= $this->_Encode64($hash, 16);
- return $output;
- }
-
- /**
- * calculate the hash from a given password
- * @param string $password password as original string
- * @return string generated hash | '*' on error
- */
- public function HashPassword($password, $md5 = false)
- {
- if ($md5) { return(md5($password)); }
- $random = '';
- if (strlen($random) < 6) {
- $random = $this->_getRandomBytes(6);
- }
- $hash = $this->_CryptPrivate($password, $this->_GenSaltPrivate($random));
- if (strlen($hash) == 34) {
- return $hash;
- }
- # Returning '*' on error is safe here, but would _not_ be safe
- # in a crypt(3)-like function used _both_ for generating new
- # hashes and for validating passwords against existing hashes.
- return '*';
- }
-
- /**
- * encodes the password and compare it against the given hash
- * @param string $password clear password
- * @param string $stored_hash the hash to compare against
- * @return bool
- */
- public function CheckPassword($password, $stored_hash)
- {
- // compare against a normal, simple md5-hash
- if(preg_match('/^[0-9a-f]{32}$/i', $stored_hash)) {
- return md5($password) == $stored_hash;
- }
- // compare against a rounded, salted md5-hash
- $hash = $this->_CryptPrivate($password, $stored_hash);
- if ($hash[0] == '*') {
- $hash = crypt($password, $stored_hash);
- }
- return $hash == $stored_hash;
- }
- /**
- * generate a case sensitive mnemonic password including numbers and special chars
- * makes no use of lowercase 'l', uppercase 'I', 'O' or number '0'
- * @param int $length length of the generated password. default = 8
- * @return string
- */
- public static function NewPassword($length = self::SECURITY_MEDIUM)
- {
- $chars = array(
- array('b','c','d','f','g','h','j','k','l','m','n','p','r','s','t','v','w','x','y','z'),
- array('a','e','i','o','u'),
- array('!','-','@','_',':','.','+','%','/','*')
- );
- if($length < self::SECURITY_WEAK) { $length = self::SECURITY_WEAK; }
- $length = ceil($length / 2);
- $Password = array();
- // at first fill array alternating with vowels and consonants
- for($x = 0; $x < $length; $x++) {
- $char = $chars[0][rand(1000, 10000) % sizeof($chars[0])];
- $Password[] = $char == 'l' ? 'L' : $char;
- $Password[] = $chars[1][rand(1000, 10000) % sizeof($chars[1])];
- }
- // transform some random chars into uppercase
- $pos = ((rand(1000, 10000) % 3) + 1);
- while($pos < sizeof($Password)) {
- $Password[$pos] = ($Password[$pos] == 'i' || $Password[$pos] == 'o')
- ? $Password[$pos] : strtoupper($Password[$pos]);
- $pos += ((rand(1000, 10000) % 3) + 1);
- }
- // insert some numeric chars, between 1 and 9
- $specialChars = array();
- $specialCharsCount = floor(sizeof($Password) / 4);
- while(sizeof($specialChars) < $specialCharsCount) {
- $key = (rand(1000, 10000) % sizeof($Password));
- if(!isset($specialChars[$key])) {
- $specialChars[$key] = (rand(1000, 10000) % 9) + 1;
- }
- }
- // insert some punctuation chars, but not leading or trailing
- $specialCharsCount += floor((sizeof($Password)-1) / 6);
- while(sizeof($specialChars) < $specialCharsCount) {
- $key = (rand(1000, 10000) % (sizeof($Password)-2))+1;
- if(!isset($specialChars[$key])) {
- $specialChars[$key] = $chars[2][(rand(1000, 10000) % sizeof($chars[2]))];
- }
- }
- foreach($specialChars as $key=>$val) {
- $Password[$key] = $val;
- }
-
- return implode($Password);
- }
-
-} // end of class
Index: branches/2.8.x/wb/framework/Password.php
===================================================================
--- branches/2.8.x/wb/framework/Password.php (revision 1902)
+++ branches/2.8.x/wb/framework/Password.php (revision 1903)
@@ -16,13 +16,6 @@
* along with this program. If not, see .
*/
/**
- * Description of Password
- * *****************************************************************************
- * This class is interfacing the Portable PHP password hashing framework.
- * Version 0.4 / ISTeam Rev. 0.1
- * ISTeam changes: added SHA-256, SHA-512 (2012/10/27 Werner v.d. Decken)
- * *****************************************************************************
- *
* @category WBCore
* @package WBCore_Security
* @author Werner v.d. Decken
@@ -33,9 +26,12 @@
* @link $HeadURL$
* @lastmodified $Date$
* @since Datei vorhanden seit Release 1.2.0
+ * @description This class is interfacing the Portable PHP password hashing framework.
+ * Version 0.4 / ISTeam Rev. 0.1
+ * ISTeam changes: added SHA-256, SHA-512 (2012/10/27 Werner v.d. Decken)
*/
-// use \vendors\phpass\PasswordHash;
+// backwardcompatibility for PHP 5.2.2 + WB2.8.x
if(!class_exists('PasswordHash')) {
include(dirname(dirname(__FILE__)).'/include/phpass/PasswordHash.php');
}
@@ -42,19 +38,19 @@
class Password extends PasswordHash
-//class Password extends v_phpass_PasswordHash
+//class Password extends vendors\phpass\PasswordHash
{
- const MIN_CRYPT_LOOPS = 6; // minimum numbers of loops is 2^6 (64) very, very quick
- const MAX_CRYPT_LOOPS = 31; // maximum numbers of loops is 2^31 (2,147,483,648) extremely slow
- const DEFAULT_CRYPT_LOOPS = 12; // default numbers of loopf is 2^12 (4096) a good average
+ const CRYPT_LOOPS_MIN = 6; // minimum numbers of loops is 2^6 (64) very, very quick
+ const CRYPT_LOOPS_MAX = 31; // maximum numbers of loops is 2^31 (2,147,483,648) extremely slow
+ const CRYPT_LOOPS_DEFAULT = 12; // default numbers of loopf is 2^12 (4096) a good average
const HASH_TYPE_PORTABLE = true; // use MD5 only
const HASH_TYPE_AUTO = false; // select highest available crypting methode
- const MIN_PW_LENGTH = 6;
- const MAX_PW_LENGTH = 100;
- const DEFAULT_PW_LENGTH = 10;
+ const PW_LENGTH_MIN = 6;
+ const PW_LENGTH_MAX = 100;
+ const PW_LENGTH_DEFAULT = 10;
const PW_USE_LOWERCHAR = 0x0001; // use lower chars
const PW_USE_UPPERCHAR = 0x0002; // use upper chars
@@ -67,7 +63,7 @@
* @param int number of iterations as exponent of 2 (must be between 4 and 31)
* @param bool TRUE = use MD5 only | FALSE = automatic
*/
- public function __construct($iIterationCountLog2 = self::DEFAULT_CRYPT_LOOPS, $bPortableHashes = self::HASH_TYPE_AUTO)
+ public function __construct($iIterationCountLog2 = self::CRYPT_LOOPS_DEFAULT, $bPortableHashes = self::HASH_TYPE_AUTO)
{
parent::__construct($iIterationCountLog2, $bPortableHashes);
}
@@ -96,11 +92,11 @@
/**
* generate a case sensitive mnemonic password including numbers and special chars
* makes no use of confusing characters like 'O' and '0' and so on.
- * @param int length of the generated password. default = DEFAULT_PW_LENGTH
+ * @param int length of the generated password. default = PW_LENGTH_DEFAULT
* @param int defines which elemets are used to generate a password. Default = PW_USE_ALL
* @return string
*/
- public static function createNew($iLength = self::DEFAULT_PW_LENGTH, $iElements = self::PW_USE_ALL)
+ public static function createNew($iLength = self::PW_LENGTH_DEFAULT, $iElements = self::PW_USE_ALL)
{
$aChars = array(
array('b','c','d','f','g','h','j','k','m','n','p','q','r','s','t','v','w','x','y','z'),
@@ -110,8 +106,8 @@
array('!','-','@','_',':','.','+','%','/','*')
);
$iElements = ($iElements & self::PW_USE_ALL) == 0 ? self::PW_USE_ALL : $iElements;
- if(($iLength < self::MIN_PW_LENGTH) || ($iLength > self::MAX_PW_LENGTH)) {
- $iLength = self::DEFAULT_PW_LENGTH;
+ if(($iLength < self::PW_LENGTH_MIN) || ($iLength > self::PW_LENGTH_MAX)) {
+ $iLength = self::PW_LENGTH_DEFAULT;
}
// at first create random arrays of lowerchars and uperchars
// alternating between vowels and consonants
@@ -119,15 +115,15 @@
$aLowerCase = array();
for($x = 0; $x < ceil($iLength / 2); $x++) {
// consonants
- $y = rand(1000, 10000) % sizeof($aChars[0]);
- $aLowerCase[] = $aChars[0][$y];
- $y = rand(1000, 10000) % sizeof($aChars[1]);
- $aUpperCase[] = $aChars[1][$y];
+ $i1 = rand(1000, 10000) % sizeof($aChars[0]);
+ $aLowerCase[] = $aChars[0][$i1];
+ $i2 = rand(1000, 10000) % sizeof($aChars[1]);
+ $aUpperCase[] = $aChars[1][$i2];
// vowels
- $y = rand(1000, 10000) % sizeof($aChars[2]);
- $aLowerCase[] = $aChars[2][$y];
- $y = rand(1000, 10000) % sizeof($aChars[3]);
- $aUpperCase[] = $aChars[3][$y];
+ $i3 = rand(1000, 10000) % sizeof($aChars[2]);
+ $aLowerCase[] = $aChars[2][$i3];
+ $i4 = rand(1000, 10000) % sizeof($aChars[3]);
+ $aUpperCase[] = $aChars[3][$i4];
}
// create random arrays of numeric digits 2-9 and special chars
$aDigits = array();
@@ -154,8 +150,8 @@
}
if($iElements & self::PW_USE_DIGITS) {
if($bMerge) {
- $iNumberOfDigits = (rand(1000, 10000) % ceil($iLength / 2.5));
- $iNumberOfDigits = $iNumberOfDigits ? $iNumberOfDigits : 1;
+ $x = (rand(1000, 10000) % ceil($iLength / 2.5));
+ $iNumberOfDigits = $x ? $x : 1;
$aPassword = self::_mergeIntoPassword($aPassword, $aDigits, $iNumberOfDigits);
}else {
$aPassword = $aDigits;
@@ -164,8 +160,8 @@
}
if($iElements & self::PW_USE_SPECIAL) {
if($bMerge) {
- $iNumberOfSpecialChars = rand(1000, 10000) % ceil($iLength / 5);
- $iNumberOfSpecialChars = $iNumberOfSpecialChars ? $iNumberOfSpecialChars : 1;
+ $x = rand(1000, 10000) % ceil($iLength / 5);
+ $iNumberOfSpecialChars = $x ? $x : 1;
$aPassword = self::_mergeIntoPassword($aPassword, $aSpecialChars, $iNumberOfSpecialChars);
}else {
$aPassword = $aSpecialChars;