PDF rausgenommen

msd2/phpBB3/phpbb/passwords/driver/salted_md5.php

@@ -0,0 +1,169 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\passwords\driver;
+
+/**
+*
+* @version Version 0.1 / slightly modified for phpBB 3.1.x (using $H$ as hash type identifier)
+*
+* Portable PHP password hashing framework.
+*
+* Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in
+* the public domain.
+*
+* There's absolutely no warranty.
+*
+* The homepage URL for this framework is:
+*
+*	http://www.openwall.com/phpass/
+*
+* Please be sure to update the Version line if you edit this file in any way.
+* It is suggested that you leave the main version number intact, but indicate
+* your project name (after the slash) and add your own revision information.
+*
+* Please do not change the "private" password hashing method implemented in
+* here, thereby making your hashes incompatible.  However, if you must, please
+* change the hash type identifier (the "$P$") to something different.
+*
+* Obviously, since this code is in the public domain, the above are not
+* requirements (there can be none), but merely suggestions.
+*
+*/
+
+class salted_md5 extends base
+{
+	const PREFIX = '$H$';
+
+	/**
+	* {@inheritdoc}
+	*/
+	public function get_prefix()
+	{
+		return self::PREFIX;
+	}
+
+	/**
+	* {@inheritdoc}
+	*/
+	public function is_legacy()
+	{
+		return true;
+	}
+
+	/**
+	* {@inheritdoc}
+	*/
+	public function hash($password, $setting = '')
+	{
+		if ($setting)
+		{
+			if (($settings = $this->get_hash_settings($setting)) === false)
+			{
+				// Return md5 of password if settings do not
+				// comply with our standards. This will only
+				// happen if pre-determined settings are
+				// directly passed to the driver. The manager
+				// will not do this. Same as the old hashing
+				// implementation in phpBB 3.0
+				return md5($password);
+			}
+		}
+		else
+		{
+			$settings = $this->get_hash_settings($this->generate_salt());
+		}
+
+		$hash = md5($settings['salt'] . $password, true);
+		do
+		{
+			$hash = md5($hash . $password, true);
+		}
+		while (--$settings['count']);
+
+		$output = $settings['full'];
+		$output .= $this->helper->hash_encode64($hash, 16);
+
+		return $output;
+	}
+
+	/**
+	* {@inheritdoc}
+	*/
+	public function check($password, $hash, $user_row = array())
+	{
+		if (strlen($hash) !== 34)
+		{
+			return md5($password) === $hash;
+		}
+
+		return $this->helper->string_compare($hash, $this->hash($password, $hash));
+	}
+
+	/**
+	* Generate salt for hashing method
+	*
+	* @return string Salt for hashing method
+	*/
+	protected function generate_salt()
+	{
+		$count = 6;
+
+		$random = $this->helper->get_random_salt($count);
+
+		$salt = $this->get_prefix();
+		$salt .= $this->helper->itoa64[min($count + 5, 30)];
+		$salt .= $this->helper->hash_encode64($random, $count);
+
+		return $salt;
+	}
+
+	/**
+	* Get hash settings
+	*
+	* @param string $hash The hash that contains the settings
+	*
+	* @return bool|array Array containing the count_log2, salt, and full
+	*		hash settings string or false if supplied hash is empty
+	*		or contains incorrect settings
+	*/
+	public function get_hash_settings($hash)
+	{
+		if (empty($hash))
+		{
+			return false;
+		}
+
+		$count_log2 = strpos($this->helper->itoa64, $hash[3]);
+		$salt = substr($hash, 4, 8);
+
+		if ($count_log2 < 7 || $count_log2 > 30 || strlen($salt) != 8)
+		{
+			return false;
+		}
+
+		return array(
+			'count'	=> 1 << $count_log2,
+			'salt'	=> $salt,
+			'full'	=> substr($hash, 0, 12),
+		);
+	}
+
+	/**
+	* {@inheritdoc}
+	*/
+	public function get_settings_only($hash, $full = false)
+	{
+		return substr($hash, 3, 9);
+	}
+}