function convBase($numberInput, $fromBaseInput, $toBaseInput) { if ($fromBaseInput == $toBaseInput) { return $numberInput; } $fromBase = str_split($fromBaseInput, 1); $toBase = str_split($toBaseInput, 1); $number = str_split($numberInput, 1); $fromLen = strlen($fromBaseInput); $toLen = strlen($toBaseInput); $numberLen = strlen($numberInput); $retval = ''; $base10 = ''; if ($toBaseInput == '0123456789') { $retval = 0; for ($i = 1; $i <= $numberLen; $i++) { $retval = bcadd($retval, bcmul(array_search($number[$i - 1], $fromBase), bcpow($fromLen, $numberLen - $i))); } return $retval; } if ($fromBaseInput != '0123456789') { $base10 = convBase($numberInput, $fromBaseInput, '0123456789'); } else { $base10 = $numberInput; } if ($base10 < strlen($toBaseInput)) { return $toBase[$base10]; } while ($base10 != '0') { $retval = $toBase[bcmod($base10, $toLen)] . $retval; $base10 = bcdiv($base10, $toLen, 0); } return $retval; }
public static function generatePassword($request, $seed) { $context = $request['context']; $username = $request['username']; $pass = convBase(md5($context . $username . $seed), '0123456789abcdef', "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNIOPQRSTUVWXYZ()-_!\$%&=@#"); return $pass; }
if (empty($_POST['password'])) { // Plaintext $passhash = 'nopass'; $url = $_POST['url']; if (!preg_match('/^(http|ftp|https|irc):\\/\\//', $url)) { $url = "http://{$url}"; } } else { // 2012-09-07: // Updated the passhash algorithm. Prior to today, this was the line of code // that produced a hash for simple TLWSD links. Upgrade uses SHA-2 and bcrypt // $passhash = substr(hash('sha512', $_POST['password']), 0, 64); // Hash $cost = floor(10 + (date('Ym') - 201204) / 30); // Increase by 1 every 30 months // to conform to Moore's Law $random = convBase(raw2hex(openssl_random_pseudo_bytes(33)), '0123456789abcdef', './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'); if ($random[23]) { $random = substr($random, 0, 22); } $salt = "\$2a\${$cost}\${$random}"; $passhash = substr(hash('sha512', $_POST['password']), 0, 64); // Step 1: Part of SHA512 for ($i = 1; $i <= 1000; $i++) { // Step 2: HMAC-SHA256 with an increasing key $passhash = hash_hmac('sha256', $_POST['password'] . $passhash, $i); } $passhash = crypt($passhash, $salt); // Bcrypt the final result -- new feature! $key = substr(hash('sha512', $_POST['password'], 1), 32); // Encryption key $IV = hash('sha256', $_POST['password'], 1);