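/**
 * Hash $this->password with the salted portable scheme used by this file.
 *
 * Six random bytes are collected for the salt and handed to
 * _hash_gensalt_private(), whose result is passed to _hash_crypt_private()
 * together with the password (both helpers are defined elsewhere).
 * A 34-character result is treated as success.
 *
 * @return string The 34-character portable hash, or the MD5 hex digest of the
 *                password when the portable hash was not produced.
 */
private function encryptPassword()
{
    $password = $this->password;
    $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $count = 6;
    $random = '';

    // Prefer the engine's CSPRNG where it exists (PHP 7+). It also works on
    // platforms that have no /dev/urandom device.
    if (function_exists('random_bytes')) {
        try {
            $random = random_bytes($count);
        } catch (\Exception $e) {
            $random = '';
        }
    }

    if (strlen($random) < $count && ($fh = @fopen('/dev/urandom', 'rb'))) {
        $bytes = fread($fh, $count);
        fclose($fh);
        // fread() returns false on failure; treat that as "no bytes read".
        $random = is_string($bytes) ? $bytes : '';
    }

    if (strlen($random) < $count) {
        // Last resort only: uniqid() is derived from the clock, so this salt
        // is unique-ish but not unpredictable.
        $random = '';
        $random_state = uniqid();
        for ($i = 0; $i < $count; $i += 16) {
            $random_state = md5(uniqid() . $random_state);
            $random .= pack('H*', md5($random_state));
        }
        $random = substr($random, 0, $count);
    }

    $hash = _hash_crypt_private($password, _hash_gensalt_private($random, $itoa64), $itoa64);
    if (strlen($hash) == 34) {
        return $hash;
    }

    // NOTE(review): this silently degrades to an unsalted, single-round MD5
    // digest. It is kept because callers expect a string back, but a hash
    // produced here should be treated as a failure and investigated rather
    // than stored long term.
    return md5($password);
}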
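/**
 * Check a plain-text password against a stored hash.
 *
 * A 34-character stored hash is verified with _hash_crypt_private() (defined
 * elsewhere); any other length is compared against the MD5 hex digest of the
 * password, which is the legacy unsalted format.
 *
 * @param string $password The password in plain text
 * @param string $hash     The stored password hash
 *
 * @return bool Returns true if the password is correct, false if not.
 */
function phpbb_check_hash($password, $hash)
{
    // Hashing cost grows with input size, so an unbounded password lets a
    // client make the server do arbitrary amounts of work per login attempt.
    // Reject oversized input before any hashing happens.
    if (strlen($password) > 4096) {
        return false;
    }

    $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    if (strlen($hash) == 34) {
        return _hash_crypt_private($password, $hash, $itoa64) === $hash;
    }

    // Legacy branch: the stored value is taken to be a plain MD5 digest.
    return md5($password) === $hash;
}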
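/**
 * Hash a password with the salted portable scheme used by this file.
 *
 * Six random bytes are collected for the salt and handed to
 * _hash_gensalt_private(), whose result is passed to _hash_crypt_private()
 * together with the password (both helpers are defined elsewhere).
 * A 34-character result is treated as success.
 *
 * @param string $password The password in plain text
 *
 * @return string The 34-character portable hash, or the MD5 hex digest of the
 *                password when the portable hash was not produced.
 */
function phpbb_hash($password)
{
    $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $count = 6;
    $random = '';

    // Prefer the engine's CSPRNG where it exists (PHP 7+). It also works on
    // platforms that have no /dev/urandom device.
    if (function_exists('random_bytes')) {
        try {
            $random = random_bytes($count);
        } catch (\Exception $e) {
            $random = '';
        }
    }

    if (strlen($random) < $count && ($fh = @fopen('/dev/urandom', 'rb'))) {
        $bytes = fread($fh, $count);
        fclose($fh);
        // fread() returns false on failure; treat that as "no bytes read".
        $random = is_string($bytes) ? $bytes : '';
    }

    if (strlen($random) < $count) {
        // Previously an unreadable /dev/urandom left $random empty, so the
        // salt helper received no randomness at all (presumably giving every
        // password the same salt; confirm against _hash_gensalt_private).
        // Last resort only: uniqid() is clock-derived, so this salt is
        // unique-ish but not unpredictable.
        $random = '';
        $random_state = uniqid();
        for ($i = 0; $i < $count; $i += 16) {
            $random_state = md5(uniqid() . $random_state);
            $random .= pack('H*', md5($random_state));
        }
        $random = substr($random, 0, $count);
    }

    $hash = _hash_crypt_private($password, _hash_gensalt_private($random, $itoa64), $itoa64);
    if (strlen($hash) == 34) {
        return $hash;
    }

    // NOTE(review): this silently degrades to an unsalted, single-round MD5
    // digest. It is kept because callers expect a string back, but a hash
    // produced here should be treated as a failure and investigated rather
    // than stored long term.
    return md5($password);
}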
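/**
 * Try and authenticate for our password compatibility scheme.
 *
 * Cookie logins compare the supplied hash with the stored one directly.
 * Interactive logins re-hash the raw password via _hash_crypt_private()
 * (loaded through require_code('forum/phpbb3')), using the stored hash as the
 * setting, and compare the result with the stored hash. $username and $userid
 * are not read by this function.
 *
 * @param  ?SHORT_TEXT	The member username (NULL: don't use this in the authentication - but look it up using the ID if needed)
 * @param  ?MEMBER		The member id (NULL: use member name)
 * @param  MD5			The md5-hashed password
 * @param  string		The raw password
 * @param  boolean		Whether this is a cookie login
 * @param  array			Row of OCF account
 * @return ?tempcode		Error message (NULL: none)
 */
function auth($username, $userid, $password_hashed, $password_raw, $cookie_login, $row)
{
    $stored_hash = $row['m_pass_hash_salted'];

    if ($cookie_login) {
        // Strict comparison on purpose: with != PHP compares two
        // numeric-looking strings as numbers, so different hash strings could
        // be treated as equal. A type mismatch now fails closed.
        if ($stored_hash !== $password_hashed) {
            return do_lang_tempcode('USER_BAD_PASSWORD');
        }

        return null;
    }

    require_code('forum/phpbb3');
    $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    if (_hash_crypt_private($password_raw, $stored_hash, $itoa64) !== $stored_hash) {
        return do_lang_tempcode('USER_BAD_PASSWORD');
    }

    return null;
}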
/**
 * The hashing algorithm of this forum driver. NOT used for cookie logins for
 * this forum driver (cookies store a generated session ID).
 *
 * The stored hash is read from users.user_password for the row whose
 * username_clean equals the lower-cased $key. That stored hash is then passed
 * to _hash_crypt_private() (defined elsewhere) as the setting for hashing
 * $data. $just_first is accepted but not read here.
 *
 * @param  string		The data to hash (the password in actuality)
 * @param  string		The lookup key; matched against username_clean after strtolower()
 * @param  boolean		Whether to just get the old style hash (unused in this body)
 * @return string		The hashed data, or '' when no stored hash was found
 */
function forum_md5($data, $key, $just_first = false)
{
    $lookup = array('username_clean' => strtolower($key));
    $stored_hash = $GLOBALS['FORUM_DB']->query_value_null_ok('users', 'user_password', $lookup);

    // No matching row (or a NULL password column): nothing to hash against.
    if ($stored_hash === null) {
        return '';
    }

    $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

    return _hash_crypt_private($data, $stored_hash, $itoa64);
}
/**
 * Check a plain-text password against a stored hash.
 *
 * Passwords longer than 4096 bytes are rejected without hashing. A
 * 34-character stored hash is verified with _hash_crypt_private() (defined
 * elsewhere); any other length is compared against the MD5 hex digest of the
 * password, which is the legacy unsalted format.
 *
 * @param string $password The password in plain text
 * @param string $hash     The stored password hash
 *
 * @return bool Returns true if the password is correct, false if not.
 */
function phpbb_check_hash($password, $hash)
{
    // Refuse oversized input up front so the server never spends time
    // hashing it.
    $too_long = strlen($password) > 4096;
    if ($too_long) {
        return false;
    }

    $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

    // 34 characters marks the portable salted format; anything else is
    // treated as a legacy MD5 digest.
    if (strlen($hash) == 34) {
        $candidate = _hash_crypt_private($password, $hash, $itoa64);
    } else {
        $candidate = md5($password);
    }

    return $candidate === $hash;
}