Example #1
 /**
  * Create an account row in 'oc_users' and a default calendar for it.
  *
  * The process is terminated with die() if either insert does not report
  * exactly one affected row.
  *
  * @param string $username Stored as 'uid' and as the calendar's 'userid'.
  * @param string $password Plain-text password; only its phpass hash is stored.
  */
 public function addUser($username, $password)
 {
     // Hash the password with phpass (cost 8, portable mode off).
     $hasher = new Hautelook\Phpass\PasswordHash(8, false);
     // NOTE(review): this fixed string is appended to every password before
     // hashing. It lives in source control, so it adds nothing once the code
     // is readable by an attacker; changing it invalidates all stored hashes.
     $staticSuffix = '9921b26e612100af3e9f67cdfbc0f5';
     $storedHash = $hasher->HashPassword($password . $staticSuffix);

     $userRow = array('uid' => $username, 'password' => $storedHash);
     if ($this->db->insert('oc_users', $userRow) != 1) {
         die("NO se ha podido insertar el user");
     }

     // Creating a row in 'principals' for the user was disabled in the
     // original code and remains disabled here.

     // Create the default calendar.
     // NOTE(review): no transaction is visible in this method, so a failure
     // here leaves the 'oc_users' row from above in place.
     $calendarRow = array(
         'userid' => $username,
         'displayname' => $this->default_calendar,
         'uri' => $this->default_calendar,
         'active' => 1,
         'ctag' => 1,
         'components' => 'VEVENT,VTODO',
     );
     if ($this->db->insert('oc_clndr_calendars', $calendarRow) != 1) {
         die("NO se ha podido insertar el calendar");
     }
 }
 /**
  * Return a phpass hash of this object's password.
  *
  * @return string Result of PasswordHash::HashPassword() for $this->password.
  */
 public function getHashedPassword()
 {
     // Cost 10 is the magic value from the default configuration; the second
     // argument requests phpass "portable" hashes.
     $phpass = new \Hautelook\Phpass\PasswordHash(10, true);

     return $phpass->HashPassword($this->password);
 }
Example #3
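 /**
  * Start a password reset for the given username.
  *
  * The same flash message is set whether or not the account exists. For an
  * existing account a random shadow password and token are generated, the
  * hashed shadow password and the token are stored with a two-hour validity,
  * and a mail with the reset link is sent.
  *
  * @param string $username Account name as entered by the requester.
  * @return bool Always true.
  */
 public function resetPasswordRequest($username)
 {
     $user = $this->getUser($username);
     // For safety, this is the message we display, regardless of whether $user exists.
     $this->session->getFlashBag()->set('info', __("A password reset link has been sent to '%user%'.", array('%user%' => $username)));
     if (!empty($user)) {
         $shadowpassword = $this->app['randomgenerator']->generateString(12);
         $shadowtoken = $this->app['randomgenerator']->generateString(32);
         $hasher = new \Hautelook\Phpass\PasswordHash($this->hash_strength, true);
         $shadowhashed = $hasher->HashPassword($shadowpassword);
         $shadowlink = sprintf("%s%sresetpassword?token=%s", $this->app['paths']['hosturl'], $this->app['paths']['bolt'], $shadowtoken);
         // Compute the expiry once so the stored value and the one shown in
         // the mail cannot differ when the clock ticks over between two calls.
         $shadowvalidity = date("Y-m-d H:i:s", strtotime("+2 hours"));
         // Set the shadow password and related stuff in the database.
         // NOTE(review): the shadow password is stored hashed, but the reset
         // token is stored as-is (suffixed with the requester's IP). Anyone
         // able to read this table during the validity window sees usable
         // tokens; storing a hash of the token would limit that exposure.
         $update = array(
             'shadowpassword' => $shadowhashed,
             'shadowtoken' => $shadowtoken . "-" . str_replace(".", "-", $this->remoteIP),
             'shadowvalidity' => $shadowvalidity,
         );
         $this->db->update($this->usertable, $update, array('id' => $user['id']));
         // Compile the email with the shadow password and reset link.
         $mailhtml = $this->app['render']->render('mail/passwordreset.twig', array(
             'user' => $user,
             'shadowpassword' => $shadowpassword,
             'shadowtoken' => $shadowtoken,
             'shadowvalidity' => $shadowvalidity,
             'shadowlink' => $shadowlink,
         ));
         $subject = sprintf("[ Bolt / %s ] Password reset.", $this->app['config']->get('general/sitename'));
         $message = \Swift_Message::newInstance()
             ->setSubject($subject)
             ->setFrom(array($user['email'] => "Bolt"))
             ->setTo(array($user['email'] => $user['displayname']))
             ->setBody(strip_tags($mailhtml))
             ->addPart($mailhtml, 'text/html');
         $res = $this->app['mailer']->send($message);
         if ($res) {
             $this->app['log']->add("Password request sent to '" . $user['displayname'] . "'.", 3, '', 'issue');
         } else {
             $this->app['log']->add("Failed to send password request sent to '" . $user['displayname'] . "'.", 3, '', 'issue');
         }
     }
     // Take a nap, to prevent brute-forcing.
     // NOTE(review): the delay is the same for both branches, while hashing,
     // the database update and the mail hand-off only happen for existing
     // accounts, so response time may still differ between known and unknown
     // usernames despite the identical flash message.
     sleep(1);
     return true;
 }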
Example #4
 /**
  * Hash a password.
  * 
  * To use multiple algorithms in series, provide them as an array or as a
  * comma-separated string. Names are trimmed and lower-cased before use.
  * Salted algorithms such as bcrypt, pbkdf2, or portable must be used last:
  * their case returns immediately, so anything listed after them is ignored.
  * On error, false will be returned.
  * 
  * The password is trimmed and every run of whitespace is collapsed to a
  * single space before the first algorithm is applied. The 'drupal',
  * 'joomla' and 'kimsqrb' cases receive the raw $password instead of the
  * normalized chain value.
  * 
  * NOTE(review): any name that is not handled explicitly, is not a registered
  * callback and is not a hash() algorithm is called as a PHP function with
  * ($hashchain, $salt). $algos must therefore come from trusted
  * configuration only, never from request data.
  * 
  * @param string $password
  * @param string|array $algos (optional) Defaults to self::getDefaultAlgorithm().
  * @param string $salt (optional) Meaning depends on the algorithm; see the cases below.
  * @return string|false
  */
 public static function hashPassword($password, $algos = null, $salt = null)
 {
     // If the algorithm is null, use the default algorithm.
     if ($algos === null) {
         $algos = self::getDefaultAlgorithm();
     }
     // Initialize the chain of hashes: normalize the algorithm names and the
     // whitespace of the password.
     $algos = array_map('strtolower', array_map('trim', is_array($algos) ? $algos : explode(',', $algos)));
     $hashchain = preg_replace('/\\s+/', ' ', trim($password));
     // Apply the given algorithms one by one.
     foreach ($algos as $algo) {
         switch ($algo) {
             // bcrypt (must be used last). A result starting with '*' is
             // treated as a failure.
             case 'bcrypt':
                 $hashchain = self::bcrypt($hashchain, $salt, self::getWorkFactor());
                 if ($hashchain[0] === '*') {
                     return false;
                 }
                 return $hashchain;
             // PBKDF2 (must be used last). Without a salt, fresh parameters
             // are generated; otherwise $salt is split on ':' and read as
             // algorithm, iterations, salt, base64 key (indices 0, 1, 2, 3).
             // NOTE(review): the number of parts is not checked, so a
             // malformed stored value reaches pbkdf2() with missing fields.
             case 'pbkdf2':
                 if ($salt === null) {
                     $salt = Security::getRandom(12, 'alnum');
                     $hash_algorithm = 'sha512';
                     $iterations = intval(pow(2, self::getWorkFactor() + 5)) ?: 16384;
                     $key_length = 24;
                 } else {
                     $parts = explode(':', $salt);
                     $salt = $parts[2];
                     $hash_algorithm = $parts[0];
                     $iterations = intval($parts[1], 10);
                     $key_length = strlen(base64_decode($parts[3]));
                 }
                 return self::pbkdf2($hashchain, $salt, $hash_algorithm, $iterations, $key_length);
             // phpass portable algorithm (must be used last). With a salt,
             // $salt is checked as an existing hash and returned unchanged
             // on a match, false otherwise.
             case 'portable':
                 $phpass = new \Hautelook\Phpass\PasswordHash(self::getWorkFactor(), true);
                 if ($salt === null) {
                     $hashchain = $phpass->HashPassword($hashchain);
                     return $hashchain;
                 } else {
                     $match = $phpass->CheckPassword($hashchain, $salt);
                     return $match ? $salt : false;
                 }
             // Drupal's SHA-512 based algorithm (must be used last)
             case 'drupal':
                 $hashchain = \VendorPass::drupal($password, $salt);
                 return $hashchain;
             // Joomla's MD5 based algorithm (must be used last)
             case 'joomla':
                 $hashchain = \VendorPass::joomla($password, $salt);
                 return $hashchain;
             // KimsQ Rb algorithms (must be used last)
             case 'kimsqrb':
                 $hashchain = \VendorPass::kimsqrb($password, $salt);
                 return $hashchain;
             // crypt() function (must be used last)
             // NOTE(review): the generated salt is two alphanumeric
             // characters, which presumably selects crypt()'s legacy DES
             // scheme - confirm this is only used for legacy hashes.
             case 'crypt':
                 if ($salt === null) {
                     $salt = Security::getRandom(2, 'alnum');
                 }
                 $hashchain = crypt($hashchain, $salt);
                 return $hashchain;
             // MS SQL's PWDENCRYPT() function (must be used last)
             case 'mssql_pwdencrypt':
                 $hashchain = \VendorPass::mssql_pwdencrypt($hashchain, $salt);
                 return $hashchain;
             // MySQL's old PASSWORD() function. The chain continues.
             case 'mysql_old_password':
                 $hashchain = \VendorPass::mysql_old_password($hashchain);
                 break;
             // MySQL's new PASSWORD() function. The chain continues.
             case 'mysql_new_password':
                 $hashchain = \VendorPass::mysql_new_password($hashchain);
                 break;
             // A dummy algorithm that does nothing.
             case 'null':
                 break;
             // All other algorithms are looked up in this order: registered
             // callback, hash() algorithm, then any PHP function with that
             // name. Unknown names make the whole call return false.
             default:
                 if (isset(self::$_algorithm_callbacks[$algo])) {
                     $callback = self::$_algorithm_callbacks[$algo];
                     $hashchain = $callback($hashchain, $salt);
                 } elseif (in_array($algo, hash_algos())) {
                     $hashchain = hash($algo, $hashchain);
                 } elseif (function_exists($algo)) {
                     $hashchain = $algo($hashchain, $salt);
                 } else {
                     return false;
                 }
         }
     }
     return $hashchain;
 }
Example #5
<?php

include 'vendor/hautelook/phpass/src/Hautelook/Phpass/PasswordHash.php';
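// Password check endpoint: prints "true" when the submitted password matches
// the phpass hash stored for the submitted username, "false" otherwise.

// NOTE(review): the database host, user and password are hard-coded here.
// A credential that has been committed or published should be rotated and
// then supplied from the environment or a secret store instead.
$pg = pg_connect("dbname=d36nc9cjq76ssj host=ec2-107-22-170-249.compute-1.amazonaws.com user=mayjytdutzptbd password=58uHggM_ukv0s-5YD-2oUKoa6z port=5432 sslmode=require");

// Take the raw request values. The password must not be SQL-escaped: it never
// enters a query, and escaping it would alter passwords containing quotes
// before they are compared with the stored hash.
$user = $_POST["username"] ?? null;
$password = $_POST["password"] ?? null;

$storedHash = null;
if ($pg !== false && is_string($user) && is_string($password)) {
    // The listing shows the username literal masked as '******'; the lookup
    // is bound to the submitted username here, which is what the otherwise
    // unused $user variable indicates. A bound parameter keeps the value out
    // of the SQL text entirely.
    $ret = pg_query_params($pg, 'SELECT password FROM bolt_users WHERE username = $1', array($user));
    $row = $ret !== false ? pg_fetch_row($ret) : false;
    // Unknown user or failed query: there is no hash to check against.
    if ($row !== false && is_string($row[0])) {
        $storedHash = $row[0];
    }
}

$hasher = new Hautelook\Phpass\PasswordHash(10, true);
// Fail closed: anything other than a verified match answers "false".
if ($storedHash !== null && $hasher->CheckPassword($password, $storedHash)) {
    echo "true";
} else {
    echo "false";
}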
Example #6
<?php

include "vendor/autoload.php";
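// CLI helper: hash the password given as the second argument with phpass and
// insert (user, hash) into the 'users' table of the 'shack' database through
// the mysql command-line client.
//
// NOTE(review): the plain-text password is passed on the command line and the
// database password is embedded in the mysql invocation; both can be visible
// to other local users in the process list and in shell history.

if (!isset($argv[1], $argv[2])) {
    fwrite(STDERR, "Usage: php " . $argv[0] . " <user> <password>\n");
    exit(1);
}

$user = $argv[1];
// The user name ends up inside a quoted SQL literal, and no database
// connection is available here to escape it, so only a conservative
// character set is accepted.
if (preg_match('/\A[A-Za-z0-9_.@-]{1,64}\z/', $user) !== 1) {
    fwrite(STDERR, "Invalid user name.\n");
    exit(1);
}

$pass = new \Hautelook\Phpass\PasswordHash(8, false);
$hashed = $pass->HashPassword($argv[2]);
// phpass signals failure with a short '*' string; a real hash consists only
// of the characters checked here, none of which can end the SQL literal.
if (preg_match('#\A[./0-9A-Za-z$]{20,}\z#', $hashed) !== 1) {
    fwrite(STDERR, "Could not hash the password.\n");
    exit(1);
}

$sql = sprintf('INSERT INTO users (user, password) VALUES ("%s", "%s");', $user, $hashed);
// Pass the whole statement as one shell-quoted argument so nothing in it is
// interpreted by the shell.
echo shell_exec('mysql -uuser -ppassword -e ' . escapeshellarg($sql) . ' shack');
// NOTE(review): shell_exec() does not expose the exit status, so this line is
// printed even when the mysql client reported an error.
echo "User added.";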