/ - Diff - WB 2.08.x - Tracking

     ! = Update/Change
     ===============================================================================
 Jul-2013 Build 1932 Werner v.d.Decken(DarkViper)
     ! modified class Password for use with different hashing classes
 Jul-2013 Build 1931 Werner v.d.Decken(DarkViper)
     # typofixes in /install/save.php
 Jul-2013 Build 1930 Werner v.d.Decken(DarkViper)

      * requirements (there can be none), but merely suggestions.
      */
     class PasswordHash {
     class PasswordHash implements PasswordHashInterface {
     	protected $itoa64;
     	protected $itoa64BlowFish;
     	protected $random_state;
     	protected $iteration_count_log2;
     	protected $portable_hashes;
     	public $iteration_count_log2;
     	public $portable_hashes;
     	public function __construct($iteration_count_log2, $portable_hashes)
+    	{
     		$this->itoa64         = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
-...
     			$this->random_state .= getmypid();
+    		}
+    	}
     /** Begin inserted function for WebsiteBaker by M.v.d.Decken **/
     /**
      * Interface compatibility methode to set values
      * @param int  $iIterations number of iterations
      * @param bool $bHashType   type of encoding
      */
     	public function setParams($iIterations, $bHashType){
     		$this->iteration_count_log2 = $iIterations;
     		$this->portable_hashes = $bHashType;
+    	}
     /** End inserted function for WebsiteBaker by M.v.d.Decken **/
     	private function get_random_bytes($count)
+    	{
-...
     		$output .= $this->encode64($input, 3);
     		return $output;
+    	}
     /** Begin inserted function for WebsiteBaker by W.v.d.Decken **/
     /** Begin inserted function for WebsiteBaker by M.v.d.Decken **/
     /**
+     *
      * @param type $input

branches/2.8.x/wb/admin/interface/version.php
51	51
52	52	// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
53	53	if(!defined('VERSION')) define('VERSION', '2.8.3');
54		if(!defined('REVISION')) define('REVISION', '1931');
	54	if(!defined('REVISION')) define('REVISION', '1932');
55	55	if(!defined('SP')) define('SP', '');

     										 'WbOldStyle',
     										 (DEBUG ? Translate::CACHE_DISABLED|Translate::KEEP_MISSING : 0)
     										);
     	$oPass = Password::getInstance();
     	if(!class_exists('PasswordHash')) { include(WB_PATH.'/include/phpass/PasswordHash.php'); }
     	$oPass = Password::getInstance(new PasswordHash(Password::CRYPT_LOOPS_DEFAULT, Password::HASH_TYPE_AUTO));
     	if(defined('PASSWORD_CRYPT_LOOPS')) { $oPass->setIteration(PASSWORD_CRYPT_LOOPS); }
     	if(defined('PASSWORD_HASH_TYPES'))  { $oPass->setIteration(PASSWORD_HASH_TYPES); }
     	if(defined('PASSWORD_HASH_TYPES'))  { $oPass->setHashType(PASSWORD_HASH_TYPES); }
     // *** END OF FILE ***********************************************************************

     	include(dirname(dirname(__FILE__)).'/include/phpass/PasswordHash.php');
+    }
     class Password extends PasswordHash
     class Password
+    {
     	const CRYPT_LOOPS_MIN     =  6;  // minimum numbers of loops is 2^6 (64) very quick but unsecure
-...
     	/** holds the active singleton instance */
     	private static $_oInstance     = null;
     	protected $oHashMethods        = null;
     	private   $oPwHashClass        = null;
     	protected $iIterationCountLog2 = self::CRYPT_LOOPS_DEFAULT;
     	protected $bPortableHashes     = self::HASH_TYPE_AUTO;
-...
      */
     	protected function __construct()
+    	{
     		parent::__construct(self::CRYPT_LOOPS_DEFAULT, self::HASH_TYPE_AUTO);
+    	}
     /**
      * dissable cloning
-...
      * get current instance or create new one
      * @return Password
      */
     	public static function getInstance()
     	public static function getInstance($oPwHash = null)
+    	{
     		if( is_null(self::$_oInstance) ) {
                 $c = __CLASS__;
                 self::$_oInstance = new $c;
     			self::$_oInstance->setIteration(self::CRYPT_LOOPS_DEFAULT);
     			self::$_oInstance->setHashType(self::HASH_TYPE_AUTO);
     			if(is_object($oPwHash) && ($oPwHash instanceof PasswordHashInterface) ) {
     				$c = __CLASS__;
     				self::$_oInstance = new $c;
     				self::$_oInstance->oPwHashClass = $oPwHash;
     				self::$_oInstance->setIteration(self::CRYPT_LOOPS_DEFAULT);
     				self::$_oInstance->setHashType(self::HASH_TYPE_AUTO);
     			}else {
     				throw new PasswordException('hashing class is not an object or does not implement PasswordHashInterface');
+    			}
+    		}
     		return self::$oInstance;
     		return self::$_oInstance;
+    	}
     /**
      * set the number of iterations
-...
      */
     	public function setIteration($iIterationCountLog2 = self::CRYPT_LOOPS_DEFAULT)
+    	{
     		$this->iteration_count_log2 = min(max($iIterationCountLog2, self::CRYPT_LOOPS_MIN), self::CRYPT_LOOPS_MAX);
     		$this->$iIterationCountLog2 = min(max($iIterationCountLog2, self::CRYPT_LOOPS_MIN), self::CRYPT_LOOPS_MAX);
     		$this->oPwHashClass->setParams($this->iIterationCountLog2, $this->bPortableHashes);
+    	}
     /**
      * set type of hash generation
-...
     	public function setHashType($bPortableHashes = self::HASH_TYPE_AUTO)
+    	{
     		if(version_compare('5.3', PHP_VERSION, '<')) {
     			$this->portable_hashes = self::HASH_TYPE_PORTABLE;
     			$this->bPortableHashes = self::HASH_TYPE_PORTABLE;
     		}else {
     			$this->portable_hashes = (boolean)$bPortableHashes;
     			$this->bPortableHashes = (boolean)$bPortableHashes;
+    		}
     		$this->oPwHashClass->setParams($this->iIterationCountLog2, $this->bPortableHashes);
+    	}
     /**
      * make hash from password
-...
      */
     	public function makeHash($sPassword)
+    	{
     		$sNewHash = parent::HashPassword($sPassword);
     		if(!is_object($this->oPwHashClass)) {
     			throw new PasswordException('Missing Object to calculate hashes');
+    		}
     		$sNewHash = $this->oPwHashClass->HashPassword($sPassword);
     		return ($sNewHash == '*') ? null : $sNewHash;
+    	}
     /**
-...
      */
     	public function checkIt($sPassword, $sStoredHash)
+    	{
     		if(!is_object($this->oPwHashClass)) {
     			throw new PasswordException('Missing Object to calculate hashes');
+    		}
     		// compatibility layer for deprecated, simple and old MD5 hashes
     		if(preg_match('/^[0-9a-f]{32}$/si', $sStoredHash)) {
     			return (md5($sPassword) === $sStoredHash);
+    		}
     		return parent::CheckPassword($sPassword, $sStoredHash);
     		return $this->oPwHashClass->CheckPassword($sPassword, $sStoredHash);
+    	}
     /**
      * Check password for forbidden characters
-...
     		return $aPassword;
+    	}
     } // end of class PasswordHash
     } // end of class Password
     // //////////////////////////////////////////////////////////////////////////////////// //
     /**
      * PasswordException
+     *
      * @category     WBCore
      * @package      WBCore_Security
      * @author       Werner v.d.Decken <wkl@isteam.de>
      * @copyright    Werner v.d.Decken <wkl@isteam.de>
      * @license      http://www.gnu.org/licenses/gpl.html   GPL License
      * @version      2.9.0
      * @revision     $Revision$
      * @lastmodified $Date$
      */
     class PasswordException extends AppException { }

     <?php
     /**
      * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+     *
      * This program is free software: you can redistribute it and/or modify
      * it under the terms of the GNU General Public License as published by
      * the Free Software Foundation, either version 3 of the License, or
      * (at your option) any later version.
+     *
      * This program is distributed in the hope that it will be useful,
      * but WITHOUT ANY WARRANTY; without even the implied warranty of
      * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      * GNU General Public License for more details.
+     *
      * You should have received a copy of the GNU General Public License
      * along with this program.  If not, see <http://www.gnu.org/licenses/>.
      */
     /**
      * PasswordHashInterface.php
+     *
      * @category     Core
      * @package      Core_Security
      * @copyright    M.v.d.Decken <manuela@isteam.de>
      * @author       M.v.d.Decken <manuela@isteam.de>
      * @license      http://www.gnu.org/licenses/gpl.html   GPL License
      * @version      0.0.1
      * @revision     $Revision: $
      * @link         $HeadURL: $
      * @lastmodified $Date: $
      * @since        File available since 10.07.2013
      * @deprecated   This interface is deprecated since the ...
      * @description  xyz
      */
     interface PasswordHashInterface {
     	public function __construct($iteration_count_log2, $portable_hashes);
     	public function HashPassword($password);
     	public function CheckPassword($password, $stored_hash);
     	public function setParams($iIterations, $bHashType);
+    }
     // end of class PasswordHashInterface

Project

General

Profile

WB 2.08.x

Revision 1932

Added by darkviper over 12 years ago