
Revision 1930

Added by darkviper over 11 years ago

implement class Password and activate it (not implemented for use yet)


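--- a/branches/2.8.x/CHANGELOG
+++ b/branches/2.8.x/CHANGELOG
@@ -11,6 +11,8 @@
 ! = Update/Change
 ===============================================================================
 
+09 Jul-2013 Build 1930 Werner v.d.Decken(DarkViper)
+! implement class Password and activate it
 21 Jun-2013 Build 1929 Werner v.d.Decken(DarkViper)
 ! added new method to class Translate. it gives posibility to handle translations with additional replacements.
 20 Jun-2013 Build 1928 Werner v.d.Decken(DarkViper)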
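--- a/branches/2.8.x/wb/upgrade-script.php
+++ b/branches/2.8.x/wb/upgrade-script.php
@@ -577,6 +577,17 @@
 
     $aDebugMessage[] = (db_update_key_value( 'settings', $cfg ) ? " $OK<br />" : " $FAIL!<br />");
 
+	/**********************************************************
+	 *  - Adding password settings to settings table
+	 */
+	$aDebugMessage[] = "<span>Adding/updating password settings to settings table</span>";
+	$cfg = array();
+	$cfg['password_crypt_loops'] = (defined('PASSWORD_CRYPT_LOOPS') ? PASSWORD_CRYPT_LOOPS : '12');
+	$cfg['password_hash_type'] = (defined('PASSWORD_HASH_TYPES') ? PASSWORD_HASH_TYPES : 'false');
+	$cfg['password_length'] = (defined('PASSWORD_LENGTH') ? PASSWORD_LENGTH : '10');
+	$cfg['password_use_types'] = (defined('PASSWORD_USE_TYPES') ? PASSWORD_USE_TYPES : (int)0xFFFF);
+    $aDebugMessage[] = (db_update_key_value( 'settings', $cfg ) ? " $OK<br />" : " $FAIL!<br />");
+
 if($bDebugModus) {
     echo implode(PHP_EOL,$aDebugMessage);
 }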
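Review bot: On new line 586 the setting key is `password_hash_type` but the constant tested is `PASSWORD_HASH_TYPES` (plural), and the fallback is the string `'false'` rather than a boolean. `Password::setHashType()` in this same commit casts its argument with `(boolean)`, and a non-empty string such as `'false'` casts to true in PHP, which would select `HASH_TYPE_PORTABLE` (commented there as MD5 only) if the stored string ever reaches it unconverted. How settings rows become constants is not visible in this hunk, so this needs confirming against the loader. I would align the two names and add a comment on that line such as `// stored as the string 'false'; must be converted to a real boolean before Password::setHashType()`.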
branches/2.8.x/wb/include/phpass/PasswordHash.php
27 27
 */
28 28

  
29 29
class PasswordHash {
30
	private $itoa64;
31
	private $itoa64BlowFish;
32
	private $iteration_count_log2;
33
	private $portable_hashes;
34
	private $random_state;
30
	protected $itoa64;
31
	protected $itoa64BlowFish;
32
	protected $random_state;
33
	protected $iteration_count_log2;
34
	protected $portable_hashes;
35 35

  
36 36
	public function __construct($iteration_count_log2, $portable_hashes)
37 37
	{
......
154 154
 */
155 155
	private function gensalt_sha($input, $sType = 'SHA512')
156 156
	{
157
		$iType = ($sType === 'SHA512') ? 6 : (($sType === 'SHA256') ? 5 : 6);
158
		$iIterations = pow(2, $this->iteration_count_log2);
159
		$iIterations = min(max($iIterations, 10000), 999999999);
157
		$iType = ($sType === 'SHA256' ? 5 : 6);
158
		$iIterations = min(max(pow(2, $this->iteration_count_log2), 10000), 999999999);
160 159
		$output = '$'.(string)$iType.'$rounds='.(string)$iIterations.'$';
161 160
		$output .= $this->encode64($input, 16);
162 161
		return $output;
branches/2.8.x/wb/admin/interface/version.php
51 51

  
52 52
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
53 53
if(!defined('VERSION')) define('VERSION', '2.8.3');
54
if(!defined('REVISION')) define('REVISION', '1929');
54
if(!defined('REVISION')) define('REVISION', '1930');
55 55
if(!defined('SP')) define('SP', '');
branches/2.8.x/wb/framework/initialize.php
341 341
										 'WbOldStyle',
342 342
										 (DEBUG ? Translate::CACHE_DISABLED|Translate::KEEP_MISSING : 0)
343 343
										);
344
	$oPass = Password::getInstance();
345
	if(defined('PASSWORD_CRYPT_LOOPS')) { $oPass->setIteration(PASSWORD_CRYPT_LOOPS); }
346
	if(defined('PASSWORD_HASH_TYPES'))  { $oPass->setIteration(PASSWORD_HASH_TYPES); }
344 347
// *** END OF FILE ***********************************************************************
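Review bot: New line 346 passes `PASSWORD_HASH_TYPES` to `setIteration()`, so the hash-type setting overwrites the iteration count that line 345 has just configured and `setHashType()` is never called with the configured value. Since `setIteration()` (Password.php in this commit) only clamps its argument between `CRYPT_LOOPS_MIN` and `CRYPT_LOOPS_MAX`, a boolean-like value here would silently replace the intended work factor instead of raising an error. The line should read `if(defined('PASSWORD_HASH_TYPES'))  { $oPass->setHashType(PASSWORD_HASH_TYPES); }`. The statement these lines follow starts outside the hunk.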
345 348
 
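--- a/branches/2.8.x/wb/framework/Password.php
+++ b/branches/2.8.x/wb/framework/Password.php
@@ -31,22 +31,19 @@
  *               ISTeam changes: added SHA-256, SHA-512 (2012/10/27 Werner v.d. Decken)
  */
 
-// backwardcompatibility for PHP 5.2.2 + WB2.8.x
 if(!class_exists('PasswordHash')) {
-	include(dirname(dirname(__FILE__)).'/include/phpass/PasswordHash.php'); 
+	include(dirname(dirname(__FILE__)).'/include/phpass/PasswordHash.php');
 }
 
-
 class Password extends PasswordHash
-//class Password extends vendors\phpass\PasswordHash
 {
 
-	const CRYPT_LOOPS_MIN     =  6;  // minimum numbers of loops is 2^6 (64) very, very quick
+	const CRYPT_LOOPS_MIN     =  6;  // minimum numbers of loops is 2^6 (64) very quick but unsecure
 	const CRYPT_LOOPS_MAX     = 31;  // maximum numbers of loops is 2^31 (2,147,483,648) extremely slow
 	const CRYPT_LOOPS_DEFAULT = 12;  // default numbers of loopf is 2^12 (4096) a good average
 
 	const HASH_TYPE_PORTABLE  = true;  // use MD5 only
-	const HASH_TYPE_AUTO      = false; // select highest available crypting methode
+	const HASH_TYPE_AUTO      = false; // select highest available crypting methode (default)
 
 	const PW_LENGTH_MIN       =   6;
 	const PW_LENGTH_MAX       = 100;
@@ -58,16 +55,64 @@
 	const PW_USE_SPECIAL      = 0x0008; // use special chars
 	const PW_USE_ALL          = 0xFFFF; // use all possibilities
 
+	/** holds the active singleton instance */
+	private static $_oInstance     = null;
+
+	protected $oHashMethods        = null;
+	protected $iIterationCountLog2 = self::CRYPT_LOOPS_DEFAULT;
+	protected $bPortableHashes     = self::HASH_TYPE_AUTO;
+
 /**
- * 
- * @param int number of iterations as exponent of 2 (must be between 4 and 31)
- * @param bool TRUE = use MD5 only | FALSE = automatic
+ * constructor
  */
-	public function __construct($iIterationCountLog2 = self::CRYPT_LOOPS_DEFAULT, $bPortableHashes = self::HASH_TYPE_AUTO)
+	protected function __construct()
 	{
-		parent::__construct($iIterationCountLog2, $bPortableHashes);
+		parent::__construct(self::CRYPT_LOOPS_DEFAULT, self::HASH_TYPE_AUTO);
 	}
 /**
+ * dissable cloning
+ */
+	private function __clone() {
+		;
+	}
+/**
+ * get current instance or create new one
+ * @return Password
+ */
+	public static function getInstance()
+	{
+		if( is_null(self::$_oInstance) ) {
+            $c = __CLASS__;
+            self::$_oInstance = new $c;
+			self::$_oInstance->setIteration(self::CRYPT_LOOPS_DEFAULT);
+			self::$_oInstance->setHashType(self::HASH_TYPE_AUTO);
+		}
+		return self::$oInstance;
+	}
+/**
+ * set the number of iterations
+ * @param int $iIterationCountLog2 number of iterations defined as the exponent to basic 2
+ */
+	public function setIteration($iIterationCountLog2 = self::CRYPT_LOOPS_DEFAULT)
+	{
+		$this->iteration_count_log2 = min(max($iIterationCountLog2, self::CRYPT_LOOPS_MIN), self::CRYPT_LOOPS_MAX);
+	}
+/**
+ * set type of hash generation
+ * @param bool $bPortableHashes
+ * @description HASH_TYPE_AUTO will choose the higest available algorithm to create a hash (default)<br />
+ *              Attention: it's possible that high level generated hashes from PHP>=5.3 are not validable under PHP<5.3!!<br />
+ *              HASH_TYPE_PORTABLE choose MD5 hashing with salt and n iterations
+ */
+	public function setHashType($bPortableHashes = self::HASH_TYPE_AUTO)
+	{
+		if(version_compare('5.3', PHP_VERSION, '<')) {
+			$this->portable_hashes = self::HASH_TYPE_PORTABLE;
+		}else {
+			$this->portable_hashes = (boolean)$bPortableHashes;
+		}
+	}
+/**
  * make hash from password
  * @param string password to hash
  * @return string generated hash. Null if failed.
@@ -97,6 +142,7 @@
  */
 	public static function isValid($sPassword)
 	{
+/** @todo extend blacklist with additional utf8 codes */
 		$sBlackList = '\"\'\,\;\<\>\?\\\{\|\}\~ '
 		            . '\x00-\x20\x22\x27\x2c\x3b\x3c\x3e\x3f\x5c\x7b-\x7f\xff';
 		$bRetval = !preg_match('/['.$sBlackList.']/si', $sPassword);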
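Review bot: `getInstance()` returns `self::$oInstance` on new line 90, but the static declared on new line 59 is `$_oInstance`, so the call fails on an undeclared static property, and framework/initialize.php in this commit calls it during start-up; the line should be `return self::$_oInstance;`. In `setHashType()` (new line 109) the test `version_compare('5.3', PHP_VERSION, '<')` is true when the running PHP is newer than 5.3, which forces `HASH_TYPE_PORTABLE` (commented above as MD5 only) exactly where the stronger algorithms exist and leaves the caller's choice in effect only on older PHP. Going by the docblock's warning about PHP<5.3, the intended condition looks like `if(version_compare(PHP_VERSION, '5.3', '<')) {`. The new `$iIterationCountLog2` and `$bPortableHashes` properties are not written by the setters shown, which assign the parent's `iteration_count_log2` and `portable_hashes`, so they should be dropped or documented.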
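--- a/branches/2.8.x/wb/install/save.php
+++ b/branches/2.8.x/wb/install/save.php
@@ -471,78 +471,92 @@
 
 	require(ADMIN_PATH.'/interface/version.php');
 
-	$settings_rows=	"INSERT INTO `".TABLE_PREFIX."settings` "
-	." (setting_id, name, value) VALUES "
-	." ( 1, 'wb_version', '".VERSION."'),"
-	." ( 2, 'website_title', '$website_title'),"
-	." ( 3, 'website_description', ''),"
-	." ( 4, 'website_keywords', ''),"
-	." ( 5, 'website_header', ''),"
-	." ( 6, 'website_footer', ''),"
-	." ( 7, 'wysiwyg_style', 'font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;'),"
-	." ( 8, 'rename_files_on_upload', 'ph.*?,cgi,pl,pm,exe,com,bat,pif,cmd,src,asp,aspx,js,txt'),"
-	." ( 9, 'er_level', '0'),"
-	." (10, 'default_language', '$default_language'),"
-	." (11, 'app_name', 'wb_$session_rand'),"
-	." (12, 'sec_anchor', 'Sec'),"
-	." (13, 'default_timezone', '$default_timezone'),"
-	." (14, 'default_date_format', 'Y-m-d'),"
-	." (15, 'default_time_format', 'h:i A'),"
-	." (16, 'redirect_timer', '1500'),"
-	." (17, 'home_folders', 'true'),"
-	." (18, 'warn_page_leave', '1'),"
-	." (19, 'default_template', 'round'),"
-	." (20, 'default_theme', 'wb_theme'),"
-	." (21, 'default_charset', 'utf-8'),"
-	." (22, 'multiple_menus', 'true'),"
-	." (23, 'page_level_limit', '6'),"
-	." (24, 'intro_page', 'false'),"
-	." (25, 'page_trash', 'inline'),"
-	." (26, 'homepage_redirection', 'false'),"
-	." (27, 'page_languages', 'true'),"
-	." (28, 'wysiwyg_editor', 'fckeditor'),"
-	." (29, 'manage_sections', 'true'),"
-	." (30, 'section_blocks', 'false'),"
-	." (31, 'smart_login', 'false'),"
-	." (32, 'frontend_login', 'false'),"
-	." (33, 'frontend_signup', 'false'),"
-	." (34, 'search', 'public'),"
-	." (35, 'page_extension', '.php'),"
-	." (36, 'page_spacer', '-'),"
-	." (37, 'pages_directory', '/pages'),"
-	." (38, 'rename_files_on_upload', 'ph.*?,cgi,pl,pm,exe,com,bat,pif,cmd,src,asp,aspx,js,txt'),"
-	." (39, 'media_directory', '/media'),"
-	." (40, 'operating_system', '$operating_system'),"
-	." (41, 'string_file_mode', '$file_mode'),"
-	." (42, 'string_dir_mode', '$dir_mode'),"
-	." (43, 'wbmailer_routine', 'phpmail'),"
-	." (44, 'server_email', '$admin_email'),"
-	." (45, 'wbmailer_default_sendername', 'WebsiteBaker Mailer'),"
-	." (46, 'wbmailer_smtp_host', ''),"
-	." (47, 'wbmailer_smtp_auth', ''),"
-	." (48, 'wbmailer_smtp_username', ''),"
-	." (49, 'wbmailer_smtp_password', ''),"
-	." (50, 'fingerprint_with_ip_octets', '2'),"
-	." (51, 'secure_form_module', ''),"
-	." (52, 'mediasettings', ''),"
-	." (53, 'wb_revision', '".REVISION."'),"
- 	." (54, 'wb_sp', '".SP."'),"
-	." (55, 'page_icon_dir', '/templates/*/title_images'),"
-	." (56, 'dev_infos', 'false'),"
-	." (57, 'groups_updated', '".time()."'),"
-	." (58, 'wbmail_signature', ''),"
-	." (59, 'confirmed_registration', '1'),"
-	." (60, 'page_extendet', 'true'),"
-	." (62, 'system_locked', '0')";
+	$sql = 'INSERT INTO `'.TABLE_PREFIX.'settings` (`name`, `value`) VALUES '
+	     . '(\'wb_version\', \''.VERSION.'\'), '
+	     . '(\'website_title\', \''.$website_title.'\'), '
+	     . '(\'website_description\', \'\'), '
+	     . '(\'website_keywords\', \'\'), '
+	     . '(\'website_header\', \'\'), '
+	     . '(\'website_footer\', \'\'), '
+	     . '(\'wysiwyg_style\', \'font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;\'), '
+	     . '(\'rename_files_on_upload\', \'ph.*?,cgi,pl,pm,exe,com,bat,pif,cmd,src,asp,aspx,js,txt\'), '
+	     . '(\'er_level\', \'0\'), '
+	     . '(\'default_language\', \''.$default_language.'\'), '
+	     . '(\'app_name\', \'wb_'.$session_rand.'\'), '
+	     . '(\'sec_anchor\', \'Sec\'), '
+	     . '(\'default_timezone\', \''.$default_timezone.'\'), '
+	     . '(\'default_date_format\', \'Y-m-d\'), '
+	     . '(\'default_time_format\', \'h:i A\'), '
+	     . '(\'redirect_timer\', \'1500\'), '
+	     . '(\'home_folders\', \'true\'), '
+	     . '(\'warn_page_leave\', \'1\'), '
+	     . '(\'default_template\', \'round\'), '
+	     . '(\'default_theme\', \'wb_theme\'), '
+	     . '(\'default_charset\', \'utf-8\'), '
+	     . '(\'multiple_menus\', \'true\'), '
+	     . '(\'page_level_limit\', \'6\'), '
+	     . '(\'intro_page\', \'false\'), '
+	     . '(\'page_trash\', \'inline\'), '
+	     . '(\'homepage_redirection\', \'false\'), '
+	     . '(\'page_languages\', \'true\'), '
+	     . '(\'wysiwyg_editor\', \'fckeditor\'), '
+	     . '(\'manage_sections\', \'true\'), '
+	     . '(\'section_blocks\', \'false\'), '
+	     . '(\'smart_login\', \'false\'), '
+	     . '(\'frontend_login\', \'false\'), '
+	     . '(\'frontend_signup\', \'false\'), '
+	     . '(\'search\', \'public\'), '
+	     . '(\'page_extension\', \'.php\'), '
+	     . '(\'page_spacer\', \'-\'), '
+	     . '(\'pages_directory\', \'/pages\'), '
+	     . '(\'rename_files_on_upload\', \'ph.*?,cgi,pl,pm,exe,com,bat,pif,cmd,src,asp,aspx,js,txt\'), '
+	     . '(\'media_directory\', \'/media\'), '
+	     . '(\'operating_system\', \''.$operating_system.'\'), '
+	     . '(\'string_file_mode\', \''.$file_mode.'\'), '
+	     . '(\'string_dir_mode\', \''.$dir_mode.'\'), '
+	     . '(\'wbmailer_routine\', \'phpmail\'), '
+	     . '(\'server_email\', \''.$admin_email.'\'), '
+	     . '(\'wbmailer_default_sendername\', \'WebsiteBaker Mailer\'), '
+	     . '(\'wbmailer_smtp_host\', \'\'), '
+	     . '(\'wbmailer_smtp_auth\', \'\'), '
+	     . '(\'wbmailer_smtp_username\', \'\'), '
+	     . '(\'wbmailer_smtp_password\', \'\'), '
+	     . '(\'fingerprint_with_ip_octets\', \'2\'), '
+	     . '(\'secure_form_module\', \'\'), '
+	     . '(\'mediasettings\', \'\'), '
+	     . '(\'wb_revision\', \''.REVISION.'\'), '
+ 	     . '(\'wb_sp\', \''.SP.'\'), '
+	     . '(\'page_icon_dir\', \'/templates/*/title_images\'), '
+	     . '(\'dev_infos\', \'false\'), '
+	     . '(\'groups_updated\', \''.time().'\'), '
+	     . '(\'wbmail_signature\', \'\'), '
+	     . '(\'confirmed_registration\', \'1\'), '
+	     . '(\'page_extendet\', \'true\'), '
+	     . '(\'system_locked\', \'0\'), '
+	     . '(\'password_crypt_loops\', \'12\'), '
+	     . '(\'password_hash_type\', \'false\'), '
+	     . '(\'password_length\', \'10\'), '
+		 . '(\'password_use_types\', \''.(int)0xFFFF.'\') '
+	     . '';
 	if(!$database->query($settings_rows)) { set_error($database->get_error()); }
 
 	// Admin group
-	$full_system_permissions  = 'access,addons,admintools,admintools_view,groups,groups_add,groups_delete,groups_modify,groups_view,';
-	$full_system_permissions .= 'languages,languages_install,languages_uninstall,languages_view,media,media_create,media_delete,media_rename,media_upload,media_view,';
-	$full_system_permissions .= 'modules,modules_advanced,modules_install,modules_uninstall,modules_view,pages,pages_add,pages_add_l0,pages_delete,pages_intro,pages_modify,pages_settings,pages_view,';
-	$full_system_permissions .= 'preferences,preferences_view,settings,settings_advanced,settings_basic,settings_view,templates,templates_install,templates_uninstall,templates_view,users,users_add,users_delete,users_modify,users_view';
-	$insert_admin_group = "INSERT INTO `".TABLE_PREFIX."groups` VALUES ('1', 'Administrators', '$full_system_permissions', '', '')";
-	if(!$database->query($insert_admin_group)) { set_error($database->get_error()); }
+	$full_system_permissions  = 'access,addons,admintools,admintools_view,groups,groups_add,groups_delete,'
+	                          . 'groups_modify,groups_view,languages,languages_install,languages_uninstall,'
+	                          . 'languages_view,media,media_create,media_delete,media_rename,media_upload,'
+	                          . 'media_view,modules,modules_advanced,modules_install,modules_uninstall,'
+	                          . 'modules_view,pages,pages_add,pages_add_l0,pages_delete,pages_intro,'
+	                          . 'pages_modify,pages_settings,pages_view,preferences,preferences_view,'
+	                          . 'settings,settings_advanced,settings_basic,settings_view,templates,'
+	                          . 'templates_install,templates_uninstall,templates_view,users,users_add,'
+	                          . 'users_delete,users_modify,users_view';
+	$sql = 'INSERT INTO `'.TABLE_PREFIX.'groups` '
+	     . 'SET `group_id` =1,'
+	     .     '`name`=\'Administrators\','
+		 .     '`system_permissions`=\''.$full_system_permissions.'\','
+		 .     '`module_permissions`=\'\','
+		 .     '`template_permissions`=\'\'';
+	if(!$database->query($sql)) { set_error($database->get_error()); }
 
 // Admin user
 	$insert_admin_user = "INSERT INTO `".TABLE_PREFIX."users` VALUES (1, 1, '1', 1, '$admin_username', '".md5($admin_password)."', '', 0, '', 0, 'Administrator', '$admin_email', $default_timezone, '', '', '$default_language', '', 0, '');";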
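Review bot: The rewritten settings INSERT is assigned to `$sql` (new lines 474–540), but the unchanged call on new line 541 still executes `$database->query($settings_rows)`, a variable this hunk no longer assigns, so as written the settings rows, including the four new `password_*` entries, would not be inserted. The call should become `if(!$database->query($sql)) { set_error($database->get_error()); }`, as was done for the groups INSERT on new line 559. The statement is still built by concatenating installer values such as `$website_title`, `$admin_email` and `$default_timezone` into the SQL text; whether they are escaped is decided outside this hunk and should be confirmed or done here. Context line 562 still stores the administrator password as `md5($admin_password)`, consistent with the commit title saying the new class is not in use yet, and it deserves a `@todo` comment so the switch to `Password` is not forgotten.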
