/**
* Obtains a salting hashing method instance.
*
* This function will return an instance of a class that implements
* tx_saltedpasswords_abstract_salts.
*
* Use parameter NULL to reset the factory!
*
* @param string $saltedHash (optional) Salted hashed password to determine the type of used method from or NULL to reset the factory
* @param string $mode (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for
* @return tx_saltedpasswords_abstract_salts an instance of salting hashing method object
*/
public static function getSaltingInstance($saltedHash = '', $mode = TYPO3_MODE)
{
// Creating new instance when
// * no instance existing
// * a salted hash given to determine salted hashing method from
// * a NULL parameter given to reset instance back to default method
if (!is_object(self::$instance) || !empty($saltedHash) || is_NULL($saltedHash)) {
// Determine method by checking the given hash
if (!empty($saltedHash)) {
$result = self::determineSaltingHashingMethod($saltedHash);
if (!$result) {
self::$instance = NULL;
}
} else {
$classNameToUse = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod($mode);
$availableClasses = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods'];
self::$instance = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($availableClasses[$classNameToUse], 'tx_');
}
}
return self::$instance;
}
/**
* Checks the login data with the user record data for builtin login method.
*
* @param array $user User data array
* @param array $loginData Login data array
* @param string $passwordCompareStrategy Password compare strategy
* @return bool TRUE if login data matched
*/
public function compareUident(array $user, array $loginData, $passwordCompareStrategy = '')
{
$validPasswd = FALSE;
$password = $loginData['uident_text'];
// Determine method used for given salted hashed password
$this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($user['password']);
// Existing record is in format of Salted Hash password
if (is_object($this->objInstanceSaltedPW)) {
$validPasswd = $this->objInstanceSaltedPW->checkPassword($password, $user['password']);
// Record is in format of Salted Hash password but authentication failed
// skip further authentication methods
if (!$validPasswd) {
$this->authenticationFailed = TRUE;
}
$defaultHashingClassName = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod();
$skip = FALSE;
// Test for wrong salted hashing method
if ($validPasswd && !(get_class($this->objInstanceSaltedPW) == $defaultHashingClassName) || is_subclass_of($this->objInstanceSaltedPW, $defaultHashingClassName)) {
// Instanciate default method class
$this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL);
$this->updatePassword((int) $user['uid'], array('password' => $this->objInstanceSaltedPW->getHashedPassword($password)));
}
if ($validPasswd && !$skip && $this->objInstanceSaltedPW->isHashUpdateNeeded($user['password'])) {
$this->updatePassword((int) $user['uid'], array('password' => $this->objInstanceSaltedPW->getHashedPassword($password)));
}
} elseif (!(int) $this->extConf['forceSalted']) {
// Stored password is in deprecated salted hashing method
if (\TYPO3\CMS\Core\Utility\GeneralUtility::inList('C$,M$', substr($user['password'], 0, 2))) {
// Instanciate default method class
$this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(substr($user['password'], 1));
// md5
if ($user['password'][0] === 'M') {
$validPasswd = $this->objInstanceSaltedPW->checkPassword(md5($password), substr($user['password'], 1));
} else {
$validPasswd = $this->objInstanceSaltedPW->checkPassword($password, substr($user['password'], 1));
}
// Skip further authentication methods
if (!$validPasswd) {
$this->authenticationFailed = TRUE;
}
} elseif (preg_match('/[0-9abcdef]{32,32}/', $user['password'])) {
$validPasswd = md5($password) === (string) $user['password'];
// Skip further authentication methods
if (!$validPasswd) {
$this->authenticationFailed = TRUE;
}
} else {
$validPasswd = (string) $password === (string) $user['password'];
}
// Should we store the new format value in DB?
if ($validPasswd && (int) $this->extConf['updatePasswd']) {
// Instanciate default method class
$this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL);
$this->updatePassword((int) $user['uid'], array('password' => $this->objInstanceSaltedPW->getHashedPassword($password)));
}
}
return $validPasswd;
}
/**
* @test
*/
public function resettingFactoryInstanceSucceeds()
{
$defaultClassNameToUse = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod();
if ($defaultClassNameToUse == 'TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt') {
$saltedPW = '$P$CWF13LlG/0UcAQFUjnnS4LOqyRW43c.';
} else {
$saltedPW = '$1$rasmusle$rISCgZzpwk3UhDidwXvin0';
}
$this->objectInstance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($saltedPW);
// resetting
$this->objectInstance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL);
$this->assertTrue(get_class($this->objectInstance) == $defaultClassNameToUse || is_subclass_of($this->objectInstance, $defaultClassNameToUse));
}
function setPassword($password)
{
$this->data['password'] = $password;
$this->data['tx_mmforum_md5'] = md5($password);
$objPHPass = null;
if (ExtensionManagementUtility::isLoaded('t3sec_saltedpw')) {
require_once ExtensionManagementUtility::extPath('t3sec_saltedpw') . 'res/staticlib/class.tx_t3secsaltedpw_div.php';
if (tx_t3secsaltedpw_div::isUsageEnabled()) {
require_once ExtensionManagementUtility::extPath('t3sec_saltedpw') . 'res/lib/class.tx_t3secsaltedpw_phpass.php';
$objPHPass = GeneralUtility::makeInstance('tx_t3secsaltedpw_phpass');
}
}
if (!$objPHPass && ExtensionManagementUtility::isLoaded('saltedpasswords')) {
if (SaltedPasswordsUtility::isUsageEnabled()) {
$objPHPass = GeneralUtility::makeInstance(SaltedPasswordsUtility::getDefaultSaltingHashingMethod());
}
}
if ($objPHPass) {
$this->data['password'] = $objPHPass->getHashedPassword($password);
} else {
if (ExtensionManagementUtility::isLoaded('kb_md5fepw')) {
//if kb_md5fepw is installed, crypt password
$this->data['password'] = md5($password);
}
}
}
public function getHashedPassword($password)
{
$objPHPass = null;
if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('t3sec_saltedpw')) {
require_once \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extPath('t3sec_saltedpw') . 'res/staticlib/class.tx_t3secsaltedpw_div.php';
if (tx_t3secsaltedpw_div::isUsageEnabled()) {
require_once \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extPath('t3sec_saltedpw') . 'res/lib/class.tx_t3secsaltedpw_phpass.php';
$objPHPass = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('tx_t3secsaltedpw_phpass');
}
}
if (!$objPHPass && \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('saltedpasswords')) {
if (\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled()) {
$objPHPass = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod());
}
}
if ($objPHPass) {
$password = $objPHPass->getHashedPassword($password);
} else {
if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('kb_md5fepw')) {
//if kb_md5fepw is installed, crypt password
$password = md5($password);
}
}
return $password;
}
/**
* Method tries to determine the salting hashing method used for given salt.
*
* Method implicitly sets the instance of the found method object in the class property when found.
*
* @param string $saltedHash
* @param string $mode (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for
* @return bool TRUE, if salting hashing method has been found, otherwise FALSE
*/
public static function determineSaltingHashingMethod($saltedHash, $mode = TYPO3_MODE)
{
$registeredMethods = static::getRegisteredSaltedHashingMethods();
$defaultClassName = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod($mode);
$defaultReference = $registeredMethods[$defaultClassName];
unset($registeredMethods[$defaultClassName]);
// place the default method first in the order
$registeredMethods = array($defaultClassName => $defaultReference) + $registeredMethods;
$methodFound = false;
foreach ($registeredMethods as $method) {
$objectInstance = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($method);
if ($objectInstance instanceof SaltInterface) {
$methodFound = $objectInstance->isValidSaltedPW($saltedHash);
if ($methodFound) {
self::$instance = $objectInstance;
break;
}
}
}
return $methodFound;
}
