Skip to content
GitLab
Select Git revision
  • dev default
  • 6378-orcid-test-method-is-wrong-and-break-orcid-saving
  • core-php8
  • master
  • 6342-update-the-locales-for-1-5
  • 6344-template-issue-when-creating-a-template-with-empty-password-error-message-should-not-be-seen
  • 6365-core-locking-mechanism-is-not-changing-the-mail-ressource-it-does-lock-the-mail-account
  • 6365-core-when-lock-mechanism-is-trigger-the-user-should-not-be-editable-if-not-unlock
  • fusiondirectory-1.5
  • fusiondirectory-1.4
  • fusiondirectory-1.3.1
  • fusiondirectory-1.3
  • fusiondirectory-1.2.3
  • fusiondirectory-1.2.2
  • fusiondirectory-1.2.1
  • fusiondirectory-1.2
  • fusiondirectory-1.1.1
  • fusiondirectory-1.1
  • fusiondirectory-1.0.20
  • fusiondirectory-1.0.19
  • fusiondirectory-1.0.18
  • fusiondirectory-1.0.17
  • fusiondirectory-1.0.16
  • fusiondirectory-1.0.15
  • fusiondirectory-1.0.14
  • fusiondirectory-1.0.13
  • fusiondirectory-1.0.12
  • fusiondirectory-1.0.11
Find file BlameHistoryPermalink
class_password-methods-ssha.inc 2.71 KiB
1 
<?php
2
3 
/*
4 
  This code is part of FusionDirectory (http://www.fusiondirectory.org/)
5 
  Copyright (C) 2003-2010  Cajus Pollmeier
6 
  Copyright (C) 2011-2016  FusionDirectory
7
8 
  This program is free software; you can redistribute it and/or modify
9 
  it under the terms of the GNU General Public License as published by
10 
  the Free Software Foundation; either version 2 of the License, or
11 
  (at your option) any later version.
12
13 
  This program is distributed in the hope that it will be useful,
14 
  but WITHOUT ANY WARRANTY; without even the implied warranty of
15 
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16 
  GNU General Public License for more details.
17
18 
  You should have received a copy of the GNU General Public License
19 
  along with this program; if not, write to the Free Software
20 
  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
21 
*/
22
23 
/*!
24 
 * \file class_password-methods-ssha.inc
25 
 * Source code for class passwordMethodssha
26 
 */
27
28 
/*!
29 
 * \brief This class contains all the functions for ssha password methods
30 
 * \see passwordMethod
31 
 */
32 
class passwordMethodssha extends passwordMethod
33 
{
34 
  /*!
35 
   * \brief passwordMethodssha Constructor
36 
   */
37 
  function __construct()
38 
  {
39 
  }
40
41 
  /*!
42 
   * \brief Is available
43 
   *
44 
   * \return TRUE if is avaibable, otherwise return false
45 
   */
46 
  function is_available()
47 
  {
48 
    return (function_exists('sha1') || function_exists('mhash'));
49 
  }
50
51 
  /*!
52 
   * \brief Generate template hash
53 
   *
54 
   * \param string $pwd Password
55 
   */
56 
  function generate_hash($pwd)
57 
  {
58 
    if (function_exists('sha1')) {
59 
      $salt = substr(pack('h*', md5(random_int(0, PHP_INT_MAX))), 0, 8);
60 
      $salt = substr(pack('H*', sha1($salt.$pwd)), 0, 4);
61 
      $pwd  = '{SSHA}'.base64_encode(pack('H*', sha1($pwd.$salt)).$salt);
62 
      return $pwd;
63 
    } elseif (function_exists('mhash')) {
64 
      $salt = mhash_keygen_s2k(MHASH_SHA1, $pwd, substr(pack('h*', md5(random_int(0, PHP_INT_MAX))), 0, 8), 4);
65 
      $pwd  = '{SSHA}'.base64_encode(mhash(MHASH_SHA1, $pwd.$salt).$salt);
66 
    } else {
67 
      msg_dialog::display(_('Configuration error'), msgPool::missingext('mhash'), ERROR_DIALOG);
68 
      return FALSE;
69 
    }
70 
    return $pwd;
71727374757677787980818283848586878889909192939495969798
} function checkPassword($pwd, $hash) { $hash = base64_decode(substr($hash, 6)); $salt = substr($hash, 20); $hash = substr($hash, 0, 20); if (function_exists('sha1')) { $nhash = pack('H*', sha1($pwd . $salt)); } elseif (function_exists('mhash')) { $nhash = mhash(MHASH_SHA1, $pwd.$salt); } else { msg_dialog::display(_('Configuration error'), msgPool::missingext('mhash'), ERROR_DIALOG); return FALSE; } return ($nhash == $hash); } /*! * \brief Get the hash name */ static function get_hash_name() { return 'ssha'; } } ?>