PageRenderTime 11ms CodeModel.GetById 1ms app.highlight 3ms RepoModel.GetById 1ms app.codeStats 0ms

/gforge/plugins/wiki/www/passencrypt.php

https://github.com/neymanna/fusionforge
PHP | 167 lines | 130 code | 10 blank | 27 comment | 27 complexity | 2f7df063d289a12b4a0a82868a2196d7 MD5 | raw file
  1<?php echo "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?>\n"; ?>
  2<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  3  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  4<html xmlns="http://www.w3.org/1999/xhtml">
  5<head>
  6<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
  7<!-- $Id: passencrypt.php,v 1.6 2005/09/18 11:14:56 rurban Exp $ -->
  8<title>Password Encryption Tool</title>
  9<!--
 10Copyright 1999, 2000, 2001, 2002 $ThePhpWikiProgrammingTeam
 11
 12This file is part of PhpWiki.
 13
 14PhpWiki is free software; you can redistribute it and/or modify
 15it under the terms of the GNU General Public License as published by
 16the Free Software Foundation; either version 2 of the License, or
 17(at your option) any later version.
 18
 19PhpWiki is distributed in the hope that it will be useful,
 20but WITHOUT ANY WARRANTY; without even the implied warranty of
 21MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 22GNU General Public License for more details.
 23
 24You should have received a copy of the GNU General Public License
 25along with PhpWiki; if not, write to the Free Software
 26Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 27-->
 28</head>
 29<body>
 30<h1>Password Encryption Tool</h1>
 31<?php
 32/**
 33 * Seed the random number generator.
 34 *
 35 * better_srand() ensures the randomizer is seeded only once.
 36 * 
 37 * How random do you want it? See:
 38 * http://www.php.net/manual/en/function.srand.php
 39 * http://www.php.net/manual/en/function.mt-srand.php
 40 */
 41function better_srand($seed = '') {
 42    static $wascalled = FALSE;
 43    if (!$wascalled) {
 44        if ($seed === '') {
 45            list($usec, $sec) = explode(" ", microtime());
 46            if ($usec > 0.1) 
 47                $seed = (double) $usec * $sec;
 48            else // once in a while use the combined LCG entropy
 49                $seed = (double) 1000000 * substr(uniqid("", true), 13);
 50        }
 51        if (function_exists('mt_srand')) {
 52            mt_srand($seed); // mersenne twister
 53        } else {
 54            srand($seed);    
 55        }
 56        $wascalled = TRUE;
 57    }
 58}
 59
 60function rand_ascii($length = 1) {
 61    better_srand();
 62    $s = "";
 63    for ($i = 1; $i <= $length; $i++) {
 64        // return only typeable 7 bit ascii, avoid quotes
 65        if (function_exists('mt_rand'))
 66            // the usually bad glibc srand()
 67            $s .= chr(mt_rand(40, 126)); 
 68        else
 69            $s .= chr(rand(40, 126));
 70    }
 71    return $s;
 72}
 73
 74////
 75// Function to create better user passwords (much larger keyspace),
 76// suitable for user passwords.
 77// Sequence of random ASCII numbers, letters and some special chars.
 78// Note: There exist other algorithms for easy-to-remember passwords.
 79function random_good_password ($minlength = 5, $maxlength = 8) {
 80    $newpass = '';
 81    // assume ASCII ordering (not valid on EBCDIC systems!)
 82    $valid_chars = "!#%&+-.0123456789=@ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz";
 83    $start = ord($valid_chars);
 84    $end   = ord(substr($valid_chars, -1));
 85    better_srand();
 86    if (function_exists('mt_rand')) // mersenne twister
 87        $length = mt_rand($minlength, $maxlength);
 88    else        // the usually bad glibc rand()
 89        $length = rand($minlength, $maxlength);
 90    while ($length > 0) {
 91        if (function_exists('mt_rand'))
 92            $newchar = mt_rand($start, $end);
 93        else
 94            $newchar = rand($start, $end);
 95        if (! strrpos($valid_chars, $newchar) )
 96            continue; // skip holes
 97        $newpass .= sprintf("%c", $newchar);
 98        $length--;
 99    }
100    return $newpass;
101}
102
103/** PHP5 deprecated old-style globals if !(bool)ini_get('register_long_arrays'). 
104  *  See Bug #1180115
105  * We want to work with those old ones instead of the new superglobals, 
106  * for easier coding.
107  */
108foreach (array('SERVER','GET','POST','ENV') as $k) {
109    if (!isset($GLOBALS['HTTP_'.$k.'_VARS']) and isset($GLOBALS['_'.$k]))
110        $GLOBALS['HTTP_'.$k.'_VARS'] =& $GLOBALS['_'.$k];
111}
112unset($k);
113
114$posted = $GLOBALS['HTTP_POST_VARS'];
115if (!empty($posted['create'])) {
116    $new_password = random_good_password();
117    echo "<p>The newly created random password is:<br />\n<br />&nbsp;&nbsp;&nbsp;\n<tt><strong>",
118         htmlentities($new_password),"</strong></tt></p>\n";
119    $posted['password'] = $new_password;
120    $posted['password2'] = $new_password;
121}
122
123if (($posted['password'] != "")
124    && ($posted['password'] == $posted['password2'])) {
125    $password = $posted['password'];
126    /**
127     * http://www.php.net/manual/en/function.crypt.php
128     */
129    // Use the maximum salt length the system can handle.
130    $salt_length = max(CRYPT_SALT_LENGTH,
131                        2 * CRYPT_STD_DES,
132                        9 * CRYPT_EXT_DES,
133                       12 * CRYPT_MD5,
134                       16 * CRYPT_BLOWFISH);
135    // Generate the encrypted password.
136    $encrypted_password = crypt($password, rand_ascii($salt_length));
137    $debug = $HTTP_GET_VARS['debug'];
138    if ($debug)
139        echo "The password was encrypted using a salt length of: $salt_length<br />\n";
140    echo "<p>The encrypted password is:<br />\n<br />&nbsp;&nbsp;&nbsp;\n<tt><strong>",
141         htmlentities($encrypted_password),"</strong></tt></p>\n";
142    echo "<hr />\n";
143}
144else if ($posted['password'] != "") {
145    echo "The passwords did not match. Please try again.<br />\n";
146}
147if (empty($REQUEST_URI))
148    $REQUEST_URI = $HTTP_ENV_VARS['REQUEST_URI'];
149if (empty($REQUEST_URI))
150    $REQUEST_URI = $HTTP_SERVER_VARS['REQUEST_URI'];
151?>
152
153<form action="<?php echo $REQUEST_URI ?>" method="post">
154<fieldset><legend accesskey="P">Encrypt</legend>
155Enter a password twice to encrypt it:<br />
156<input type="password" name="password" value="" /><br />
157<input type="password" name="password2" value="" /> <input type="submit" value="Encrypt" />
158</fieldset>
159<br />
160or:<br />
161<br />
162<fieldset><legend accesskey="C">Generate </legend>
163Create a new random password: <input type="submit" name="create" value="Create" />
164</fieldset>
165</form>
166</body>
167</html>