PageRenderTime 46ms CodeModel.GetById 19ms RepoModel.GetById 0ms app.codeStats 0ms

/libraries/joomla/crypt/password/simple.php

https://bitbucket.org/eternaware/joomus
PHP | 148 lines | 69 code | 20 blank | 59 comment | 11 complexity | 726f52cdc97bb528526dce23c470551c MD5 | raw file
Possible License(s): LGPL-2.1 
    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * @package     Joomla.Platform
    4. 

  4.  * @subpackage  Crypt
    5. 

  5.  *
    6. 

  6.  * @copyright   Copyright (C) 2005 - 2012 Open Source Matters, Inc. All rights reserved.
    7. 

  7.  * @license     GNU General Public License version 2 or later; see LICENSE
    8. 

  8.  */
    9. 

  9. 

  10. defined('JPATH_PLATFORM') or die;
    11. 

  11. 

  12. /**
    13. 

  13.  * Joomla Platform Password Crypter
    14. 

  14.  *
    15. 

  15.  * @package     Joomla.Platform
    16. 

  16.  * @subpackage  Crypt
    17. 

  17.  * @since       12.2
    18. 

  18.  */
    19. 

  19. class JCryptPasswordSimple implements JCryptPassword
    20. 

  20. {
    21. 

  21. 	/**
    22. 

  22. 	 * @var    integer  The cost parameter for hashing algorithms.
    23. 

  23. 	 * @since  12.2
    24. 

  24. 	 */
    25. 

  25. 	protected $cost = 10;
    26. 

  26. 

  27. 	/**
    28. 

  28. 	 * Creates a password hash
    29. 

  29. 	 *
    30. 

  30. 	 * @param   string  $password  The password to hash.
    31. 

  31. 	 * @param   string  $type      The hash type.
    32. 

  32. 	 *
    33. 

  33. 	 * @return  string  The hashed password.
    34. 

  34. 	 *
    35. 

  35. 	 * @since   12.2
    36. 

  36. 	 */
    37. 

  37. 	public function create($password, $type = JCryptPassword::BLOWFISH)
    38. 

  38. 	{
    39. 

  39. 		switch ($type)
    40. 

  40. 		{
    41. 

  41. 			case JCryptPassword::BLOWFISH:
    42. 

  42. 				$salt = $this->getSalt(22);
    43. 

  43. 

  44. 				if (version_compare(PHP_VERSION, '5.3.7') >= 0)
    45. 

  45. 				{
    46. 

  46. 					$prefix = '$2y$';
    47. 

  47. 				}
    48. 

  48. 				else
    49. 

  49. 				{
    50. 

  50. 					$prefix = '$2a$';
    51. 

  51. 				}
    52. 

  52. 

  53. 				$salt = $prefix . str_pad($this->cost, 2, '0', STR_PAD_LEFT) . '$' . $this->getSalt(22);
    54. 

  54. 

  55. 			return crypt($password, $salt);
    56. 

  56. 

  57. 			case JCryptPassword::MD5:
    58. 

  58. 				$salt = $this->getSalt(12);
    59. 

  59. 

  60. 				$salt = '$1$' . $salt;
    61. 

  61. 

  62. 			return crypt($password, $salt);
    63. 

  63. 

  64. 			case JCryptPassword::JOOMLA:
    65. 

  65. 				$salt = $this->getSalt(32);
    66. 

  66. 

  67. 			return md5($password . $salt) . ':' . $salt;
    68. 

  68. 

  69. 			default:
    70. 

  70. 				throw new InvalidArgumentException(sprintf('Hash type %s is not supported', $type));
    71. 

  71. 				break;
    72. 

  72. 		}
    73. 

  73. 	}
    74. 

  74. 

  75. 	/**
    76. 

  76. 	 * Sets the cost parameter for the generated hash for algorithms that use a cost factor.
    77. 

  77. 	 *
    78. 

  78. 	 * @param   integer  $cost  The new cost value.
    79. 

  79. 	 *
    80. 

  80. 	 * @return  void
    81. 

  81. 	 *
    82. 

  82. 	 * @since   12.2
    83. 

  83. 	 */
    84. 

  84. 	public function setCost($cost)
    85. 

  85. 	{
    86. 

  86. 		$this->cost = $cost;
    87. 

  87. 	}
    88. 

  88. 

  89. 	/**
    90. 

  90. 	 * Generates a salt of specified length. The salt consists of characters in the set [./0-9A-Za-z].
    91. 

  91. 	 *
    92. 

  92. 	 * @param   integer  $length  The number of characters to return.
    93. 

  93. 	 *
    94. 

  94. 	 * @return  string  The string of random characters.
    95. 

  95. 	 *
    96. 

  96. 	 * @since   12.2
    97. 

  97. 	 */
    98. 

  98. 	protected function getSalt($length)
    99. 

  99. 	{
    100. 

  100. 		$bytes = ceil($length * 6 / 8);
    101. 

  101. 

  102. 		$randomData = str_replace('+', '.', base64_encode(JCrypt::getRandomBytes($bytes)));
    103. 

  103. 

  104. 		return substr($randomData, 0, $length);
    105. 

  105. 	}
    106. 

  106. 

  107. 	/**
    108. 

  108. 	 * Verifies a password hash
    109. 

  109. 	 *
    110. 

  110. 	 * @param   string  $password  The password to verify.
    111. 

  111. 	 * @param   string  $hash      The password hash to check.
    112. 

  112. 	 *
    113. 

  113. 	 * @return  boolean  True if the password is valid, false otherwise.
    114. 

  114. 	 *
    115. 

  115. 	 * @since   12.2
    116. 

  116. 	 */
    117. 

  117. 	public function verify($password, $hash)
    118. 

  118. 	{
    119. 

  119. 		// Check if the hash is a blowfish hash.
    120. 

  120. 		if (substr($hash, 0, 4) == '$2a$' || substr($hash, 0, 4) == '$2y$')
    121. 

  121. 		{
    122. 

  122. 			if (version_compare(PHP_VERSION, '5.3.7') >= 0)
    123. 

  123. 			{
    124. 

  124. 				$prefix = '$2y$';
    125. 

  125. 			}
    126. 

  126. 			else
    127. 

  127. 			{
    128. 

  128. 				$prefix = '$2a$';
    129. 

  129. 			}
    130. 

  130. 			$hash = $prefix . substr($hash, 4);
    131. 

  131. 

  132. 			return (crypt($password, $hash) === $hash);
    133. 

  133. 		}
    134. 

  134. 

  135. 		// Check if the hash is an MD5 hash.
    136. 

  136. 		if (substr($hash, 0, 3) == '$1$')
    137. 

  137. 		{
    138. 

  138. 			return (crypt($password, $hash) === $hash);
    139. 

  139. 		}
    140. 

  140. 

  141. 		// Check if the hash is a Joomla hash.
    142. 

  142. 		if (preg_match('#[a-z0-9]{32}:[A-Za-z0-9]{32}#', $hash) === 1)
    143. 

  143. 		{
    144. 

  144. 			return md5($password . substr($hash, 33)) == substr($hash, 0, 32);
    145. 

  145. 		}
    146. 

  146. 		return false;
    147. 

  147. 	}
    148. 

  148. }
    149. 

  149.