Project

General

Profile

« Previous | Next » 

Revision 1932

Added by darkviper over 11 years ago

modified class Password for use with different hashing classes

View differences:

branches/2.8.x/CHANGELOG
11 11
! = Update/Change
12 12
===============================================================================
13 13

  
14
13 Jul-2013 Build 1932 Werner v.d.Decken(DarkViper)
15
! modified class Password for use with different hashing classes
14 16
09 Jul-2013 Build 1931 Werner v.d.Decken(DarkViper)
15 17
# typofixes in /install/save.php
16 18
09 Jul-2013 Build 1930 Werner v.d.Decken(DarkViper)
branches/2.8.x/wb/include/phpass/PasswordHash.php
26 26
 * requirements (there can be none), but merely suggestions.
27 27
 */
28 28

  
29
class PasswordHash {
29
class PasswordHash implements PasswordHashInterface {
30 30
	protected $itoa64;
31 31
	protected $itoa64BlowFish;
32 32
	protected $random_state;
33
	protected $iteration_count_log2;
34
	protected $portable_hashes;
35 33

  
34
	public $iteration_count_log2;
35
	public $portable_hashes;
36

  
36 37
	public function __construct($iteration_count_log2, $portable_hashes)
37 38
	{
38 39
		$this->itoa64         = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
......
48 49
			$this->random_state .= getmypid();
49 50
		}
50 51
	}
52
/** Begin inserted function for WebsiteBaker by M.v.d.Decken **/
53
/**
54
 * Interface compatibility methode to set values
55
 * @param int  $iIterations number of iterations
56
 * @param bool $bHashType   type of encoding
57
 */
58
	public function setParams($iIterations, $bHashType){
59
		$this->iteration_count_log2 = $iIterations;
60
		$this->portable_hashes = $bHashType;
61
	}
62
/** End inserted function for WebsiteBaker by M.v.d.Decken **/
51 63

  
52 64
	private function get_random_bytes($count)
53 65
	{
......
145 157
		$output .= $this->encode64($input, 3);
146 158
		return $output;
147 159
	}
148
/** Begin inserted function for WebsiteBaker by W.v.d.Decken **/	
160
/** Begin inserted function for WebsiteBaker by M.v.d.Decken **/
149 161
/**
150 162
 * 
151 163
 * @param type $input
branches/2.8.x/wb/admin/interface/version.php
51 51

  
52 52
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
53 53
if(!defined('VERSION')) define('VERSION', '2.8.3');
54
if(!defined('REVISION')) define('REVISION', '1931');
54
if(!defined('REVISION')) define('REVISION', '1932');
55 55
if(!defined('SP')) define('SP', '');
branches/2.8.x/wb/framework/initialize.php
341 341
										 'WbOldStyle',
342 342
										 (DEBUG ? Translate::CACHE_DISABLED|Translate::KEEP_MISSING : 0)
343 343
										);
344
	$oPass = Password::getInstance();
344
	if(!class_exists('PasswordHash')) { include(WB_PATH.'/include/phpass/PasswordHash.php'); }
345

  
346
	$oPass = Password::getInstance(new PasswordHash(Password::CRYPT_LOOPS_DEFAULT, Password::HASH_TYPE_AUTO));
345 347
	if(defined('PASSWORD_CRYPT_LOOPS')) { $oPass->setIteration(PASSWORD_CRYPT_LOOPS); }
346
	if(defined('PASSWORD_HASH_TYPES'))  { $oPass->setIteration(PASSWORD_HASH_TYPES); }
348
	if(defined('PASSWORD_HASH_TYPES'))  { $oPass->setHashType(PASSWORD_HASH_TYPES); }
347 349
// *** END OF FILE ***********************************************************************
348 350
 
branches/2.8.x/wb/framework/Password.php
35 35
	include(dirname(dirname(__FILE__)).'/include/phpass/PasswordHash.php');
36 36
}
37 37

  
38
class Password extends PasswordHash
38
class Password
39 39
{
40 40

  
41 41
	const CRYPT_LOOPS_MIN     =  6;  // minimum numbers of loops is 2^6 (64) very quick but unsecure
......
58 58
	/** holds the active singleton instance */
59 59
	private static $_oInstance     = null;
60 60

  
61
	protected $oHashMethods        = null;
61
	private   $oPwHashClass        = null;
62 62
	protected $iIterationCountLog2 = self::CRYPT_LOOPS_DEFAULT;
63 63
	protected $bPortableHashes     = self::HASH_TYPE_AUTO;
64 64

  
......
67 67
 */
68 68
	protected function __construct()
69 69
	{
70
		parent::__construct(self::CRYPT_LOOPS_DEFAULT, self::HASH_TYPE_AUTO);
71 70
	}
72 71
/**
73 72
 * dissable cloning
......
79 78
 * get current instance or create new one
80 79
 * @return Password
81 80
 */
82
	public static function getInstance()
81
	public static function getInstance($oPwHash = null)
83 82
	{
84 83
		if( is_null(self::$_oInstance) ) {
85
            $c = __CLASS__;
86
            self::$_oInstance = new $c;
87
			self::$_oInstance->setIteration(self::CRYPT_LOOPS_DEFAULT);
88
			self::$_oInstance->setHashType(self::HASH_TYPE_AUTO);
84
			if(is_object($oPwHash) && ($oPwHash instanceof PasswordHashInterface) ) {
85
				$c = __CLASS__;
86
				self::$_oInstance = new $c;
87
				self::$_oInstance->oPwHashClass = $oPwHash;
88
				self::$_oInstance->setIteration(self::CRYPT_LOOPS_DEFAULT);
89
				self::$_oInstance->setHashType(self::HASH_TYPE_AUTO);
90
			}else {
91
				throw new PasswordException('hashing class is not an object or does not implement PasswordHashInterface');
92
			}
89 93
		}
90
		return self::$oInstance;
94
		return self::$_oInstance;
91 95
	}
92 96
/**
93 97
 * set the number of iterations
......
95 99
 */
96 100
	public function setIteration($iIterationCountLog2 = self::CRYPT_LOOPS_DEFAULT)
97 101
	{
98
		$this->iteration_count_log2 = min(max($iIterationCountLog2, self::CRYPT_LOOPS_MIN), self::CRYPT_LOOPS_MAX);
102
		$this->$iIterationCountLog2 = min(max($iIterationCountLog2, self::CRYPT_LOOPS_MIN), self::CRYPT_LOOPS_MAX);
103
		$this->oPwHashClass->setParams($this->iIterationCountLog2, $this->bPortableHashes);
99 104
	}
100 105
/**
101 106
 * set type of hash generation
......
107 112
	public function setHashType($bPortableHashes = self::HASH_TYPE_AUTO)
108 113
	{
109 114
		if(version_compare('5.3', PHP_VERSION, '<')) {
110
			$this->portable_hashes = self::HASH_TYPE_PORTABLE;
115
			$this->bPortableHashes = self::HASH_TYPE_PORTABLE;
111 116
		}else {
112
			$this->portable_hashes = (boolean)$bPortableHashes;
117
			$this->bPortableHashes = (boolean)$bPortableHashes;
113 118
		}
119
		$this->oPwHashClass->setParams($this->iIterationCountLog2, $this->bPortableHashes);
114 120
	}
115 121
/**
116 122
 * make hash from password
......
119 125
 */
120 126
	public function makeHash($sPassword)
121 127
	{
122
		$sNewHash = parent::HashPassword($sPassword);
128
		if(!is_object($this->oPwHashClass)) {
129
			throw new PasswordException('Missing Object to calculate hashes');
130
		}
131
		$sNewHash = $this->oPwHashClass->HashPassword($sPassword);
123 132
		return ($sNewHash == '*') ? null : $sNewHash;
124 133
	}
125 134
/**
......
129 138
 */
130 139
	public function checkIt($sPassword, $sStoredHash)
131 140
	{
141
		if(!is_object($this->oPwHashClass)) {
142
			throw new PasswordException('Missing Object to calculate hashes');
143
		}
132 144
		// compatibility layer for deprecated, simple and old MD5 hashes
133 145
		if(preg_match('/^[0-9a-f]{32}$/si', $sStoredHash)) {
134 146
			return (md5($sPassword) === $sStoredHash);
135 147
		}
136
		return parent::CheckPassword($sPassword, $sStoredHash);
148
		return $this->oPwHashClass->CheckPassword($sPassword, $sStoredHash);
137 149
	}
138 150
/**
139 151
 * Check password for forbidden characters
......
250 262
		return $aPassword;
251 263
	}
252 264

  
253
} // end of class PasswordHash
265
} // end of class Password
266
// //////////////////////////////////////////////////////////////////////////////////// //
267
/**
268
 * PasswordException
269
 *
270
 * @category     WBCore
271
 * @package      WBCore_Security
272
 * @author       Werner v.d.Decken <wkl@isteam.de>
273
 * @copyright    Werner v.d.Decken <wkl@isteam.de>
274
 * @license      http://www.gnu.org/licenses/gpl.html   GPL License
275
 * @version      2.9.0
276
 * @revision     $Revision$
277
 * @lastmodified $Date$
278
 */
279
class PasswordException extends AppException { }
branches/2.8.x/wb/framework/PasswordHashInterface.php
1
<?php
2

  
3
/**
4
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
5
 *
6
 * This program is free software: you can redistribute it and/or modify
7
 * it under the terms of the GNU General Public License as published by
8
 * the Free Software Foundation, either version 3 of the License, or
9
 * (at your option) any later version.
10
 *
11
 * This program is distributed in the hope that it will be useful,
12
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14
 * GNU General Public License for more details.
15
 *
16
 * You should have received a copy of the GNU General Public License
17
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
18
 */
19

  
20
/**
21
 * PasswordHashInterface.php
22
 *
23
 * @category     Core
24
 * @package      Core_Security
25
 * @copyright    M.v.d.Decken <manuela@isteam.de>
26
 * @author       M.v.d.Decken <manuela@isteam.de>
27
 * @license      http://www.gnu.org/licenses/gpl.html   GPL License
28
 * @version      0.0.1
29
 * @revision     $Revision: $
30
 * @link         $HeadURL: $
31
 * @lastmodified $Date: $
32
 * @since        File available since 10.07.2013
33
 * @deprecated   This interface is deprecated since the ...
34
 * @description  xyz
35
 */
36
interface PasswordHashInterface {
37
	public function __construct($iteration_count_log2, $portable_hashes);
38
	public function HashPassword($password);
39
	public function CheckPassword($password, $stored_hash);
40
	public function setParams($iIterations, $bHashType);
41
}
42

  
43
// end of class PasswordHashInterface

Also available in: Unified diff