Skip to content
GitLab
Select Git revision
  • 6378-orcid-test-method-is-wrong-and-break-orcid-saving
  • dev default
  • core-php8
  • master
  • 6342-update-the-locales-for-1-5
  • 6344-template-issue-when-creating-a-template-with-empty-password-error-message-should-not-be-seen
  • 6365-core-locking-mechanism-is-not-changing-the-mail-ressource-it-does-lock-the-mail-account
  • 6365-core-when-lock-mechanism-is-trigger-the-user-should-not-be-editable-if-not-unlock
  • fusiondirectory-1.5
  • fusiondirectory-1.4
  • fusiondirectory-1.3.1
  • fusiondirectory-1.3
  • fusiondirectory-1.2.3
  • fusiondirectory-1.2.2
  • fusiondirectory-1.2.1
  • fusiondirectory-1.2
  • fusiondirectory-1.1.1
  • fusiondirectory-1.1
  • fusiondirectory-1.0.20
  • fusiondirectory-1.0.19
  • fusiondirectory-1.0.18
  • fusiondirectory-1.0.17
  • fusiondirectory-1.0.16
  • fusiondirectory-1.0.15
  • fusiondirectory-1.0.14
  • fusiondirectory-1.0.13
  • fusiondirectory-1.0.12
  • fusiondirectory-1.0.11
Find file BlameHistoryPermalink
class_passwordMethodCrypt.inc 4.26 KiB
1 
<?php
2 
/*
3 
  This code is part of FusionDirectory (http://www.fusiondirectory.org/)
4
5 
  Copyright (C) 2003-2010  Cajus Pollmeier
6 
  Copyright (C) 2011-2019  FusionDirectory
7
8 
  This program is free software; you can redistribute it and/or modify
9 
  it under the terms of the GNU General Public License as published by
10 
  the Free Software Foundation; either version 2 of the License, or
11 
  (at your option) any later version.
12
13 
  This program is distributed in the hope that it will be useful,
14 
  but WITHOUT ANY WARRANTY; without even the implied warranty of
15 
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16 
  GNU General Public License for more details.
17
18 
  You should have received a copy of the GNU General Public License
19 
  along with this program; if not, write to the Free Software
20 
  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
21 
*/
22
23 
/*!
24 
 * \file class_passwordMethodCrypt.inc
25 
 * Source code for class passwordMethodCrypt
26 
 */
27
28 
/*!
29 
 * \brief This class contains all the functions for crypt password methods
30 
 * \see passwordMethod
31 
 */
32 
class passwordMethodCrypt extends passwordMethod
33 
{
34
35 
  /*!
36 
   * \brief passwordMethodCrypt Constructor
37 
   */
38 
  function __construct ()
39 
  {
40 
  }
41
42 
  /*!
43 
   * \brief Is available
44 
   *
45 
   * \return TRUE if is avaibable, otherwise return false
46 
   */
47 
  public function is_available (): bool
48 
  {
49 
    return function_exists('crypt');
50 
  }
51
52 
  /*!
53 
   * \brief Generate template hash
54 
   *
55 
   * \param string $pwd Password
56 
   * \param bool $locked Should the password be locked
57 
   *
58 
   * \return string the password hash
59 
   */
60 
  public function generate_hash (string $pwd, bool $locked = FALSE): string
61 
  {
62 
    $salt = '';
63
64 
    if ($this->hash == "crypt/standard-des") {
65 
      $salt = "";
66 
      for ($i = 0; $i < 2; $i++) {
67 
        $salt .= get_random_char();
68 
      }
69 
    } elseif ($this->hash == "crypt/enhanced-des") {
70 
      $salt = "_";
7172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140
for ($i = 0; $i < 8; $i++) { $salt .= get_random_char(); } } elseif ($this->hash == "crypt/md5") { $salt = "\$1\$"; for ($i = 0; $i < 8; $i++) { $salt .= get_random_char(); } $salt .= "\$"; } elseif ($this->hash == "crypt/blowfish") { $salt = "\$2a\$07\$"; for ($i = 0; $i < CRYPT_SALT_LENGTH; $i++) { $salt .= get_random_char(); } $salt .= "\$"; } elseif ($this->hash == "crypt/sha-256") { $salt = "\$5\$"; for ($i = 0; $i < 16; $i++) { $salt .= get_random_char(); } $salt .= "\$"; } elseif ($this->hash == "crypt/sha-512") { $salt = "\$6\$"; for ($i = 0; $i < 16; $i++) { $salt .= get_random_char(); } $salt .= "\$"; } return '{CRYPT}'.($locked ? '!' : '').crypt($pwd, $salt); } function checkPassword ($pwd, $hash): bool { // Not implemented return FALSE; } /*! * \brief Get the hash name */ static function get_hash_name () { $hashes = []; if (CRYPT_STD_DES == 1) { $hashes[] = "crypt/standard-des"; } if (CRYPT_EXT_DES == 1) { $hashes[] = "crypt/enhanced-des"; } if (CRYPT_MD5 == 1) { $hashes[] = "crypt/md5"; } if (CRYPT_BLOWFISH == 1) { $hashes[] = "crypt/blowfish"; } if (CRYPT_SHA256 == 1) { $hashes[] = "crypt/sha-256"; } if (CRYPT_SHA512 == 1) { $hashes[] = "crypt/sha-512"; } return $hashes; }
141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184
/*! * \brief Extract a method * * \param string $classname The password method class name * * \param string $password_hash */ static function _extract_method ($password_hash): string { if (!preg_match('/^{crypt}/i', $password_hash)) { return ""; } $password_hash = preg_replace('/^{[^}]+}!?/', '', $password_hash); if (preg_match("/^[a-zA-Z0-9.\/][a-zA-Z0-9.\/]/", $password_hash)) { return "crypt/standard-des"; } if (preg_match("/^_[a-zA-Z0-9.\/]/", $password_hash)) { return "crypt/enhanced-des"; } if (preg_match('/^\$1\$/', $password_hash)) { return "crypt/md5"; } if (preg_match('/^(\$2\$|\$2a\$)/', $password_hash)) { return "crypt/blowfish"; } if (preg_match('/^\$5\$/', $password_hash)) { return "crypt/sha-256"; } if (preg_match('/^\$6\$/', $password_hash)) { return "crypt/sha-512"; } return ""; } }