aschwarz/Leitgedanken
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

PDF rausgenommen

Browse Source
This commit is contained in:
aschwarz
2023-01-23 11:03:31 +01:00
parent 82d562a322
commit a6523903eb
28078 changed files with 4247552 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
msd2/phpBB3/phpbb/passwords/driver/base.php Normal file
View File

@ -0,0 +1,70 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\passwords\driver;
abstract class base implements rehashable_driver_interface
{
/** @var \phpbb\config\config */
protected $config;
/** @var \phpbb\passwords\driver\helper */
protected $helper;
/** @var string Driver name */
protected $name;
/**
* Constructor of passwords driver object
*
* @param \phpbb\config\config $config phpBB config
* @param \phpbb\passwords\driver\helper $helper Password driver helper
*/
public function __construct(\phpbb\config\config $config, helper $helper)
{
$this->config = $config;
$this->helper = $helper;
}
/**
* {@inheritdoc}
*/
public function is_supported()
{
return true;
}
/**
* {@inheritdoc}
*/
public function is_legacy()
{
return false;
}
/**
* {@inheritdoc}
*/
public function needs_rehash($hash)
{
return false;
}
/**
* {@inheritdoc}
*/
public function get_settings_only($hash, $full = false)
{
return false;
}
}

135
msd2/phpBB3/phpbb/passwords/driver/bcrypt.php Normal file
View File

@ -0,0 +1,135 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\passwords\driver;
class bcrypt extends base
{
const PREFIX = '$2a$';
/** @var int Hashing cost factor */
protected $cost_factor;
/**
* Constructor of passwords driver object
*
* @param \phpbb\config\config $config phpBB config
* @param \phpbb\passwords\driver\helper $helper Password driver helper
* @param int $cost_factor Hashing cost factor (optional)
*/
public function __construct(\phpbb\config\config $config, helper $helper, $cost_factor = 10)
{
parent::__construct($config, $helper);
// Don't allow cost factor to be below default setting
$this->cost_factor = max(10, $cost_factor);
}
/**
* {@inheritdoc}
*/
public function get_prefix()
{
return self::PREFIX;
}
/**
* {@inheritdoc}
*/
public function needs_rehash($hash)
{
preg_match('/^' . preg_quote($this->get_prefix()) . '([0-9]+)\$/', $hash, $matches);
list(, $cost_factor) = $matches;
return empty($cost_factor) || $this->cost_factor !== intval($cost_factor);
}
/**
* {@inheritdoc}
*/
public function hash($password, $salt = '')
{
// The 2x and 2y prefixes of bcrypt might not be supported
// Revert to 2a if this is the case
$prefix = (!$this->is_supported()) ? '$2a$' : $this->get_prefix();
// Do not support 8-bit characters with $2a$ bcrypt
// Also see http://www.php.net/security/crypt_blowfish.php
if ($prefix === self::PREFIX)
{
if (ord($password[strlen($password)-1]) & 128)
{
return false;
}
}
if ($salt == '')
{
$salt = $prefix . $this->cost_factor . '$' . $this->get_random_salt();
}
$hash = crypt($password, $salt);
if (strlen($hash) < 60)
{
return false;
}
return $hash;
}
/**
* {@inheritdoc}
*/
public function check($password, $hash, $user_row = array())
{
$salt = substr($hash, 0, 29);
if (strlen($salt) != 29)
{
return false;
}
if ($this->helper->string_compare($hash, $this->hash($password, $salt)))
{
return true;
}
return false;
}
/**
* Get a random salt value with a length of 22 characters
*
* @return string Salt for password hashing
*/
protected function get_random_salt()
{
return $this->helper->hash_encode64($this->helper->get_random_salt(22), 22);
}
/**
* {@inheritdoc}
*/
public function get_settings_only($hash, $full = false)
{
if ($full)
{
$pos = stripos($hash, '$', 1) + 1;
$length = 22 + (strripos($hash, '$') + 1 - $pos);
}
else
{
$pos = strripos($hash, '$') + 1;
$length = 22;
}
return substr($hash, $pos, $length);
}
}

35
msd2/phpBB3/phpbb/passwords/driver/bcrypt_2y.php Normal file
View File

@ -0,0 +1,35 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\passwords\driver;
class bcrypt_2y extends bcrypt
{
const PREFIX = '$2y$';
/**
* {@inheritdoc}
*/
public function get_prefix()
{
return self::PREFIX;
}
/**
* {@inheritdoc}
*/
public function is_supported()
{
return (version_compare(PHP_VERSION, '5.3.7', '<')) ? false : true;
}
}

84
msd2/phpBB3/phpbb/passwords/driver/bcrypt_wcf2.php Normal file
View File

@ -0,0 +1,84 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\passwords\driver;
class bcrypt_wcf2 extends base
{
const PREFIX = '$wcf2$';
/** @var \phpbb\passwords\driver\bcrypt */
protected $bcrypt;
/** @var \phpbb\passwords\driver\helper */
protected $helper;
/**
* Constructor of passwords driver object
*
* @param \phpbb\passwords\driver\bcrypt $bcrypt Salted md5 driver
* @param \phpbb\passwords\driver\helper $helper Password driver helper
*/
public function __construct(\phpbb\passwords\driver\bcrypt $bcrypt, helper $helper)
{
$this->bcrypt = $bcrypt;
$this->helper = $helper;
}
/**
* {@inheritdoc}
*/
public function get_prefix()
{
return self::PREFIX;
}
/**
* {@inheritdoc}
*/
public function is_legacy()
{
return true;
}
/**
* {@inheritdoc}
*/
public function hash($password, $user_row = '')
{
// Do not support hashing
return false;
}
/**
* {@inheritdoc}
*/
public function check($password, $hash, $user_row = array())
{
if (empty($hash) || strlen($hash) != 60)
{
return false;
}
else
{
$salt = substr($hash, 0, 29);
if (strlen($salt) != 29)
{
return false;
}
// Works for standard WCF 2.x, i.e. WBB4 and similar
return $this->helper->string_compare($hash, $this->bcrypt->hash($this->bcrypt->hash($password, $salt), $salt));
}
}
}

43
msd2/phpBB3/phpbb/passwords/driver/convert_password.php Normal file
View File

@ -0,0 +1,43 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\passwords\driver;
class convert_password extends base
{
const PREFIX = '$CP$';
/**
* {@inheritdoc}
*/
public function get_prefix()
{
return self::PREFIX;
}
/**
* {@inheritdoc}
*/
public function hash($password, $user_row = '')
{
return false;
}
/**
* {@inheritdoc}
*/
public function check($password, $hash, $user_row = array())
{
return false;
}
}

69
msd2/phpBB3/phpbb/passwords/driver/driver_interface.php Normal file
View File

@ -0,0 +1,69 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\passwords\driver;
interface driver_interface
{
/**
* Check if hash type is supported
*
* @return bool True if supported, false if not
*/
public function is_supported();
/**
* Check if hash type is a legacy hash type
*
* @return bool True if it's a legacy hash type, false if not
*/
public function is_legacy();
/**
* Returns the hash prefix
*
* @return string Hash prefix
*/
public function get_prefix();
/**
* Hash the password
*
* @param string $password The password that should be hashed
*
* @return bool|string Password hash or false if something went wrong
* during hashing
*/
public function hash($password);
/**
* Check the password against the supplied hash
*
* @param string $password The password to check
* @param string $hash The password hash to check against
* @param array $user_row User's row in users table
*
* @return bool True if password is correct, else false
*/
public function check($password, $hash, $user_row = array());
/**
* Get only the settings of the specified hash
*
* @param string $hash Password hash
* @param bool $full Return full settings or only settings
* related to the salt
* @return string String containing the hash settings
*/
public function get_settings_only($hash, $full = false);
}

177
msd2/phpBB3/phpbb/passwords/driver/helper.php Normal file
View File

@ -0,0 +1,177 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\passwords\driver;
class helper
{
/**
* @var \phpbb\config\config
*/
protected $config;
/**
* base64 alphabet
* @var string
*/
public $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
/**
* Construct a driver helper object
*
* @param \phpbb\config\config $config phpBB configuration
*/
public function __construct(\phpbb\config\config $config)
{
$this->config = $config;
}
/**
* Base64 encode hash
*
* @param string $input Input string
* @param int $count Input string length
*
* @return string base64 encoded string
*/
public function hash_encode64($input, $count)
{
$output = '';
$i = 0;
do
{
$value = ord($input[$i++]);
$output .= $this->itoa64[$value & 0x3f];
if ($i < $count)
{
$value |= ord($input[$i]) << 8;
}
$output .= $this->itoa64[($value >> 6) & 0x3f];
if ($i++ >= $count)
{
break;
}
if ($i < $count)
{
$value |= ord($input[$i]) << 16;
}
$output .= $this->itoa64[($value >> 12) & 0x3f];
if ($i++ >= $count)
{
break;
}
$output .= $this->itoa64[($value >> 18) & 0x3f];
}
while ($i < $count);
return $output;
}
/**
* Return unique id
*
* @param string $extra Additional entropy
*
* @return string Unique id
*/
public function unique_id($extra = 'c')
{
static $dss_seeded = false;
$val = $this->config['rand_seed'] . microtime();
$val = md5($val);
$this->config['rand_seed'] = md5($this->config['rand_seed'] . $val . $extra);
if ($dss_seeded !== true && ($this->config['rand_seed_last_update'] < time() - rand(1,10)))
{
$this->config->set('rand_seed_last_update', time(), true);
$this->config->set('rand_seed', $this->config['rand_seed'], true);
$dss_seeded = true;
}
return substr($val, 4, 16);
}
/**
* Get random salt with specified length
*
* @param int $length Salt length
* @param string $rand_seed Seed for random data (optional). For tests.
*
* @return string Random salt with specified length
*/
public function get_random_salt($length, $rand_seed = '/dev/urandom')
{
$random = '';
if (($fh = @fopen($rand_seed, 'rb')))
{
$random = fread($fh, $length);
fclose($fh);
}
if (strlen($random) < $length)
{
$random = '';
$random_state = $this->unique_id();
for ($i = 0; $i < $length; $i += 16)
{
$random_state = md5($this->unique_id() . $random_state);
$random .= pack('H*', md5($random_state));
}
$random = substr($random, 0, $length);
}
return $random;
}
/**
* Compare two strings byte by byte
*
* @param string $string_a The first string
* @param string $string_b The second string
*
* @return bool True if strings are the same, false if not
*/
public function string_compare($string_a, $string_b)
{
// Return if input variables are not strings or if length does not match
if (!is_string($string_a) || !is_string($string_b) || strlen($string_a) != strlen($string_b))
{
return false;
}
// Use hash_equals() if it's available
if (function_exists('hash_equals'))
{
return hash_equals($string_a, $string_b);
}
$difference = 0;
for ($i = 0; $i < strlen($string_a) && $i < strlen($string_b); $i++)
{
$difference |= ord($string_a[$i]) ^ ord($string_b[$i]);
}
return $difference === 0;
}
}

60
msd2/phpBB3/phpbb/passwords/driver/md5_mybb.php Normal file
View File

@ -0,0 +1,60 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\passwords\driver;
class md5_mybb extends base
{
const PREFIX = '$md5_mybb$';
/**
* {@inheritdoc}
*/
public function get_prefix()
{
return self::PREFIX;
}
/**
* {@inheritdoc}
*/
public function is_legacy()
{
return true;
}
/**
* {@inheritdoc}
*/
public function hash($password, $user_row = '')
{
// Do not support hashing
return false;
}
/**
* {@inheritdoc}
*/
public function check($password, $hash, $user_row = array())
{
if (empty($hash) || strlen($hash) != 32 || !isset($user_row['user_passwd_salt']))
{
return false;
}
else
{
// Works for myBB 1.1.x, 1.2.x, 1.4.x, 1.6.x
return $this->helper->string_compare($hash, md5(md5($user_row['user_passwd_salt']) . md5($password)));
}
}
}

123
msd2/phpBB3/phpbb/passwords/driver/md5_phpbb2.php Normal file
View File

@ -0,0 +1,123 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\passwords\driver;
class md5_phpbb2 extends base
{
const PREFIX = '$md5_phpbb2$';
/** @var \phpbb\request\request phpBB request object */
protected $request;
/** @var \phpbb\passwords\driver\salted_md5 */
protected $salted_md5;
/** @var \phpbb\passwords\driver\helper */
protected $helper;
/** @var string phpBB root path */
protected $phpbb_root_path;
/** @var string php file extension */
protected $php_ext;
/**
* Constructor of passwords driver object
*
* @param \phpbb\request\request $request phpBB request object
* @param \phpbb\passwords\driver\salted_md5 $salted_md5 Salted md5 driver
* @param \phpbb\passwords\driver\helper $helper Driver helper
* @param string $phpbb_root_path phpBB root path
* @param string $php_ext PHP file extension
*/
public function __construct($request, salted_md5 $salted_md5, helper $helper, $phpbb_root_path, $php_ext)
{
$this->request = $request;
$this->salted_md5 = $salted_md5;
$this->helper = $helper;
$this->phpbb_root_path = $phpbb_root_path;
$this->php_ext = $php_ext;
}
/**
* {@inheritdoc}
*/
public function get_prefix()
{
return self::PREFIX;
}
/**
* {@inheritdoc}
*/
public function is_legacy()
{
return true;
}
/**
* {@inheritdoc}
*/
public function hash($password, $user_row = '')
{
// Do not support hashing
return false;
}
/**
* {@inheritdoc}
*/
public function check($password, $hash, $user_row = array())
{
if (strlen($hash) != 32 && strlen($hash) != 34)
{
return false;
}
// enable super globals to get literal value
// this is needed to prevent unicode normalization
$super_globals_disabled = $this->request->super_globals_disabled();
if ($super_globals_disabled)
{
$this->request->enable_super_globals();
}
// in phpBB2 passwords were used exactly as they were sent, with addslashes applied
$password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
$password_old_format = addslashes($password_old_format);
$password_new_format = $this->request->variable('password', '', true);
if ($super_globals_disabled)
{
$this->request->disable_super_globals();
}
if ($password == $password_new_format)
{
if (!function_exists('utf8_to_cp1252'))
{
include($this->phpbb_root_path . 'includes/utf/data/recode_basic.' . $this->php_ext);
}
if ($this->helper->string_compare(md5($password_old_format), $hash) || $this->helper->string_compare(md5(\utf8_to_cp1252($password_old_format)), $hash)
|| $this->salted_md5->check(md5($password_old_format), $hash) === true
|| $this->salted_md5->check(md5(\utf8_to_cp1252($password_old_format)), $hash) === true)
{
return true;
}
}
return false;
}
}

60
msd2/phpBB3/phpbb/passwords/driver/md5_vb.php Normal file
View File

@ -0,0 +1,60 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\passwords\driver;
class md5_vb extends base
{
const PREFIX = '$md5_vb$';
/**
* {@inheritdoc}
*/
public function get_prefix()
{
return self::PREFIX;
}
/**
* {@inheritdoc}
*/
public function is_legacy()
{
return true;
}
/**
* {@inheritdoc}
*/
public function hash($password, $user_row = '')
{
// Do not support hashing
return false;
}
/**
* {@inheritdoc}
*/
public function check($password, $hash, $user_row = array())
{
if (empty($hash) || strlen($hash) != 32 || !isset($user_row['user_passwd_salt']))
{
return false;
}
else
{
// Works for vB 3.8.x, 4.x.x, 5.0.x
return $this->helper->string_compare($hash, md5(md5($password) . $user_row['user_passwd_salt']));
}
}
}

27
msd2/phpBB3/phpbb/passwords/driver/phpass.php Normal file
View File

@ -0,0 +1,27 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\passwords\driver;
class phpass extends salted_md5
{
const PREFIX = '$P$';
/**
* {@inheritdoc}
*/
public function get_prefix()
{
return self::PREFIX;
}
}

25
msd2/phpBB3/phpbb/passwords/driver/rehashable_driver_interface.php Normal file
View File

@ -0,0 +1,25 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\passwords\driver;
interface rehashable_driver_interface extends driver_interface
{
/**
* Check if password needs to be rehashed
*
* @param string $hash Hash to check for rehash
* @return bool True if password needs to be rehashed, false if not
*/
public function needs_rehash($hash);
}

169
msd2/phpBB3/phpbb/passwords/driver/salted_md5.php Normal file
View File

@ -0,0 +1,169 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\passwords\driver;
/**
*
* @version Version 0.1 / slightly modified for phpBB 3.1.x (using $H$ as hash type identifier)
*
* Portable PHP password hashing framework.
*
* Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in
* the public domain.
*
* There's absolutely no warranty.
*
* The homepage URL for this framework is:
*
* http://www.openwall.com/phpass/
*
* Please be sure to update the Version line if you edit this file in any way.
* It is suggested that you leave the main version number intact, but indicate
* your project name (after the slash) and add your own revision information.
*
* Please do not change the "private" password hashing method implemented in
* here, thereby making your hashes incompatible. However, if you must, please
* change the hash type identifier (the "$P$") to something different.
*
* Obviously, since this code is in the public domain, the above are not
* requirements (there can be none), but merely suggestions.
*
*/
class salted_md5 extends base
{
const PREFIX = '$H$';
/**
* {@inheritdoc}
*/
public function get_prefix()
{
return self::PREFIX;
}
/**
* {@inheritdoc}
*/
public function is_legacy()
{
return true;
}
/**
* {@inheritdoc}
*/
public function hash($password, $setting = '')
{
if ($setting)
{
if (($settings = $this->get_hash_settings($setting)) === false)
{
// Return md5 of password if settings do not
// comply with our standards. This will only
// happen if pre-determined settings are
// directly passed to the driver. The manager
// will not do this. Same as the old hashing
// implementation in phpBB 3.0
return md5($password);
}
}
else
{
$settings = $this->get_hash_settings($this->generate_salt());
}
$hash = md5($settings['salt'] . $password, true);
do
{
$hash = md5($hash . $password, true);
}
while (--$settings['count']);
$output = $settings['full'];
$output .= $this->helper->hash_encode64($hash, 16);
return $output;
}
/**
* {@inheritdoc}
*/
public function check($password, $hash, $user_row = array())
{
if (strlen($hash) !== 34)
{
return md5($password) === $hash;
}
return $this->helper->string_compare($hash, $this->hash($password, $hash));
}
/**
* Generate salt for hashing method
*
* @return string Salt for hashing method
*/
protected function generate_salt()
{
$count = 6;
$random = $this->helper->get_random_salt($count);
$salt = $this->get_prefix();
$salt .= $this->helper->itoa64[min($count + 5, 30)];
$salt .= $this->helper->hash_encode64($random, $count);
return $salt;
}
/**
* Get hash settings
*
* @param string $hash The hash that contains the settings
*
* @return bool|array Array containing the count_log2, salt, and full
* hash settings string or false if supplied hash is empty
* or contains incorrect settings
*/
public function get_hash_settings($hash)
{
if (empty($hash))
{
return false;
}
$count_log2 = strpos($this->helper->itoa64, $hash[3]);
$salt = substr($hash, 4, 8);
if ($count_log2 < 7 || $count_log2 > 30 || strlen($salt) != 8)
{
return false;
}
return array(
'count' => 1 << $count_log2,
'salt' => $salt,
'full' => substr($hash, 0, 12),
);
}
/**
* {@inheritdoc}
*/
public function get_settings_only($hash, $full = false)
{
return substr($hash, 3, 9);
}
}

52
msd2/phpBB3/phpbb/passwords/driver/sha1.php Normal file
View File

@ -0,0 +1,52 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\passwords\driver;
class sha1 extends base
{
const PREFIX = '$sha1$';
/**
* {@inheritdoc}
*/
public function get_prefix()
{
return self::PREFIX;
}
/**
* {@inheritdoc}
*/
public function is_legacy()
{
return true;
}
/**
* {@inheritdoc}
*/
public function hash($password, $user_row = '')
{
// Do not support hashing
return false;
}
/**
* {@inheritdoc}
*/
public function check($password, $hash, $user_row = array())
{
return (strlen($hash) == 40) ? $this->helper->string_compare($hash, sha1($password)) : false;
}
}

51
msd2/phpBB3/phpbb/passwords/driver/sha1_smf.php Normal file
View File

@ -0,0 +1,51 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\passwords\driver;
class sha1_smf extends base
{
const PREFIX = '$smf$';
/**
* {@inheritdoc}
*/
public function get_prefix()
{
return self::PREFIX;
}
/**
* {@inheritdoc}
*/
public function is_legacy()
{
return true;
}
/**
* {@inheritdoc}
*/
public function hash($password, $user_row = '')
{
return (isset($user_row['login_name'])) ? sha1(strtolower($user_row['login_name']) . $password) : false;
}
/**
* {@inheritdoc}
*/
public function check($password, $hash, $user_row = array())
{
return (strlen($hash) == 40) ? $this->helper->string_compare($hash, $this->hash($password, $user_row)) : false;
}
}

60
msd2/phpBB3/phpbb/passwords/driver/sha1_wcf1.php Normal file
View File

@ -0,0 +1,60 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\passwords\driver;
class sha1_wcf1 extends base
{
const PREFIX = '$wcf1$';
/**
* {@inheritdoc}
*/
public function get_prefix()
{
return self::PREFIX;
}
/**
* {@inheritdoc}
*/
public function is_legacy()
{
return true;
}
/**
* {@inheritdoc}
*/
public function hash($password, $user_row = '')
{
// Do not support hashing
return false;
}
/**
* {@inheritdoc}
*/
public function check($password, $hash, $user_row = array())
{
if (empty($hash) || strlen($hash) != 40 || !isset($user_row['user_passwd_salt']))
{
return false;
}
else
{
// Works for standard WCF 1.x, i.e. WBB3 and similar
return $this->helper->string_compare($hash, sha1($user_row['user_passwd_salt'] . sha1($user_row['user_passwd_salt'] . sha1($password))));
}
}
}

68
msd2/phpBB3/phpbb/passwords/driver/sha_xf1.php Normal file
View File

@ -0,0 +1,68 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\passwords\driver;
class sha_xf1 extends base
{
const PREFIX = '$xf1$';
/**
* {@inheritdoc}
*/
public function get_prefix()
{
return self::PREFIX;
}
/**
* {@inheritdoc}
*/
public function is_legacy()
{
return true;
}
/**
* {@inheritdoc}
*/
public function hash($password, $user_row = '')
{
// Do not support hashing
return false;
}
/**
* {@inheritdoc}
*/
public function check($password, $hash, $user_row = array())
{
if (empty($hash) || (strlen($hash) != 40 && strlen($hash) != 64) || !isset($user_row['user_passwd_salt']))
{
return false;
}
else
{
// Works for xenforo 1.0, 1.1
if ($this->helper->string_compare($hash, sha1(sha1($password) . $user_row['user_passwd_salt']))
|| $this->helper->string_compare($hash, hash('sha256', hash('sha256', $password) . $user_row['user_passwd_salt'])))
{
return true;
}
else
{
return false;
}
}
}
}