PageRenderTime 54ms CodeModel.GetById 28ms RepoModel.GetById 1ms app.codeStats 0ms

/Classes/TYPO3/FLOW3/Security/Cryptography/SaltedMd5HashingStrategy.php

https://github.com/christianjul/FLOW3-Composer
PHP | 72 lines | 22 code | 7 blank | 43 comment | 1 complexity | f95227b25b18de1f90a22f1e54473ff8 MD5 | raw file
Possible License(s): BSD-3-Clause, LGPL-3.0 
    

  1. <?php
    2. 

  2. namespace TYPO3\FLOW3\Security\Cryptography;
    3. 

  3. 

  4. /*                                                                        *
    5. 

  5.  * This script belongs to the FLOW3 framework.                            *
    6. 

  6.  *                                                                        *
    7. 

  7.  * It is free software; you can redistribute it and/or modify it under    *
    8. 

  8.  * the terms of the GNU Lesser General Public License, either version 3   *
    9. 

  9.  * of the License, or (at your option) any later version.                 *
    10. 

  10.  *                                                                        *
    11. 

  11.  * The TYPO3 project - inspiring people to share!                         *
    12. 

  12.  *                                                                        */
    13. 

  13. 

  14. /**
    15. 

  15.  * A salted MD5 based password hashing strategy
    16. 

  16.  *
    17. 

  17.  */
    18. 

  18. class SaltedMd5HashingStrategy implements \TYPO3\FLOW3\Security\Cryptography\PasswordHashingStrategyInterface {
    19. 

  19. 

  20. 	/**
    21. 

  21. 	 * Generates a salted md5 hash over the given string.
    22. 

  22. 	 *
    23. 

  23. 	 * @param string $clearString The unencrypted string which is the subject to be hashed
    24. 

  24. 	 * @return string Salted hash and the salt, separated by a comma ","
    25. 

  25. 	 */
    26. 

  26. 	static public function generateSaltedMd5($clearString) {
    27. 

  27. 		$salt = substr(md5(uniqid(rand(), TRUE)), 0, rand(6, 10));
    28. 

  28. 		return (md5(md5($clearString) . $salt) . ',' . $salt);
    29. 

  29. 	}
    30. 

  30. 

  31. 	/**
    32. 

  32. 	 * Tests if the given string would produce the same hash given the specified salt.
    33. 

  33. 	 * Use this method to validate hashes generated with generateSlatedMd5().
    34. 

  34. 	 *
    35. 

  35. 	 * @param string $clearString
    36. 

  36. 	 * @param string $hashedStringAndSalt
    37. 

  37. 	 * @return boolean TRUE if the clear string matches, otherwise FALSE
    38. 

  38. 	 * @throws \InvalidArgumentException
    39. 

  39. 	 */
    40. 

  40. 	static public function validateSaltedMd5($clearString, $hashedStringAndSalt) {
    41. 

  41. 		if (strpos($hashedStringAndSalt, ',') === FALSE) {
    42. 

  42. 			throw new \InvalidArgumentException('The hashed string must contain a salt, separated with comma from the hashed.', 1269872776);
    43. 

  43. 		}
    44. 

  44. 		list($passwordHash, $salt) = explode(',', $hashedStringAndSalt);
    45. 

  45. 		return (md5(md5($clearString) . $salt) === $passwordHash);
    46. 

  46. 	}
    47. 

  47. 

  48. 	/**
    49. 

  49. 	 * Hash a password using salted MD5
    50. 

  50. 	 *
    51. 

  51. 	 * @param string $password The cleartext password
    52. 

  52. 	 * @param string $staticSalt ignored parameter
    53. 

  53. 	 * @return string A hashed password with salt
    54. 

  54. 	 */
    55. 

  55. 	public function hashPassword($password, $staticSalt = NULL) {
    56. 

  56. 		return self::generateSaltedMd5($password);
    57. 

  57. 	}
    58. 

  58. 

  59. 	/**
    60. 

  60. 	 * Validate a hashed password using salted MD5
    61. 

  61. 	 *
    62. 

  62. 	 * @param string $password The cleartext password
    63. 

  63. 	 * @param string $hashedPasswordAndSalt The hashed password with salt
    64. 

  64. 	 * @param string $staticSalt ignored parameter
    65. 

  65. 	 * @return boolean TRUE if the given password matches the hashed password
    66. 

  66. 	 */
    67. 

  67. 	public function validatePassword($password, $hashedPasswordAndSalt, $staticSalt = NULL) {
    68. 

  68. 		return self::validateSaltedMd5($password, $hashedPasswordAndSalt);
    69. 

  69. 	}
    70. 

  70. 

  71. }
    72. 

  72. ?>
    73.