/**
 * Create a user row and that user's default calendar.
 *
 * Inserts one row into `oc_users`, then one row into `oc_clndr_calendars`.
 * No transaction is opened in this method, so if the calendar insert fails
 * the user row written just before it stays in place.
 *
 * NOTE(review): the string appended to the password is a fixed value in the
 * source file, so anyone who can read the code knows it. Changing or removing
 * it invalidates every hash already stored.
 * NOTE(review): a failed insert ends the whole PHP process via die(); callers
 * cannot catch or recover from it.
 *
 * @param string $username Value stored as `uid` / `userid`.
 * @param string $password Plain-text password; only its hash is stored.
 * @return void
 */
public function addUser($username, $password)
{
    // Hash the password: cost exponent 8, portable hashes switched off.
    $hasher = new Hautelook\Phpass\PasswordHash(8, false);
    $staticSuffix = '9921b26e612100af3e9f67cdfbc0f5';
    $storedHash = $hasher->HashPassword($password . $staticSuffix);

    $userRow = array(
        'uid' => $username,
        'password' => $storedHash,
    );
    $inserted = $this->db->insert('oc_users', $userRow);
    if (!($inserted == 1)) {
        die("NO se ha podido insertar el user");
    }

    // Creating a matching row in `principals` was disabled by the original author.

    // Create the default calendar for the new user.
    $calendarRow = array(
        'userid' => $username,
        'displayname' => $this->default_calendar,
        'uri' => $this->default_calendar,
        'active' => 1,
        'ctag' => 1,
        'components' => 'VEVENT,VTODO',
    );
    $inserted = $this->db->insert('oc_clndr_calendars', $calendarRow);
    if (!($inserted == 1)) {
        die("NO se ha podido insertar el calendar");
    }
}
/**
 * Hash `$this->password` with phpass and return the resulting string.
 *
 * The hasher is built with a cost exponent of 10 and portable hashes
 * switched on.
 *
 * NOTE(review): with portable hashes enabled, phpass uses its own iterated
 * MD5-based scheme rather than bcrypt. Confirm that this is the intended
 * storage format before reusing the method for new accounts.
 *
 * @return string
 */
public function getHashedPassword()
{
    // Cost exponent; the original author notes it mirrors the default configuration.
    $costLog2 = 10;
    $phpass = new \Hautelook\Phpass\PasswordHash($costLog2, true);

    return $phpass->HashPassword($this->password);
}
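/**
 * Start a password reset for $username.
 *
 * The same flash message is set whether or not the account exists. For an
 * existing account the method generates a 12-character shadow password and a
 * 32-character token, stores the hashed shadow password, the token (suffixed
 * with the requester's IP, dots replaced by dashes) and a two-hour validity
 * timestamp, then mails the plain shadow password and the reset link to the
 * account's address. The outcome of the mail send is written to the log.
 *
 * The validity timestamp is computed once, so the value stored in the
 * database and the value shown in the e-mail cannot differ.
 *
 * NOTE(review): only the known-account branch hashes a password and sends
 * mail, so its response time differs from the unknown-account branch even
 * with the fixed one-second pause. Queueing the mail, or doing equivalent
 * work on both branches, would close that gap.
 * NOTE(review): the From header is set to the recipient's own address;
 * confirm this is intended, since receiving servers may check it against
 * the sending host.
 *
 * @param string $username
 * @return bool Always true.
 */
public function resetPasswordRequest($username)
{
    $user = $this->getUser($username);

    // For safety, this is the message we display, regardless of whether $user exists.
    $this->session->getFlashBag()->set(
        'info',
        __("A password reset link has been sent to '%user%'.", array('%user%' => $username))
    );

    if (!empty($user)) {
        $shadowpassword = $this->app['randomgenerator']->generateString(12);
        $shadowtoken = $this->app['randomgenerator']->generateString(32);

        // Only the hash of the shadow password is stored.
        $hasher = new \Hautelook\Phpass\PasswordHash($this->hash_strength, true);
        $shadowhashed = $hasher->HashPassword($shadowpassword);

        $shadowlink = sprintf(
            "%s%sresetpassword?token=%s",
            $this->app['paths']['hosturl'],
            $this->app['paths']['bolt'],
            $shadowtoken
        );

        // One timestamp for both the database row and the e-mail.
        $shadowvalidity = date("Y-m-d H:i:s", strtotime("+2 hours"));

        // Set the shadow password and related values in the database.
        $update = array(
            'shadowpassword' => $shadowhashed,
            'shadowtoken' => $shadowtoken . "-" . str_replace(".", "-", $this->remoteIP),
            'shadowvalidity' => $shadowvalidity,
        );
        $this->db->update($this->usertable, $update, array('id' => $user['id']));

        // Compile the e-mail with the shadow password and reset link.
        $mailhtml = $this->app['render']->render(
            'mail/passwordreset.twig',
            array(
                'user' => $user,
                'shadowpassword' => $shadowpassword,
                'shadowtoken' => $shadowtoken,
                'shadowvalidity' => $shadowvalidity,
                'shadowlink' => $shadowlink,
            )
        );

        $subject = sprintf("[ Bolt / %s ] Password reset.", $this->app['config']->get('general/sitename'));

        // Plain-text body is derived from the HTML body; the HTML is attached as an alternative part.
        $message = \Swift_Message::newInstance()
            ->setSubject($subject)
            ->setFrom(array($user['email'] => "Bolt"))
            ->setTo(array($user['email'] => $user['displayname']))
            ->setBody(strip_tags($mailhtml))
            ->addPart($mailhtml, 'text/html');

        $res = $this->app['mailer']->send($message);

        if ($res) {
            $this->app['log']->add("Password request sent to '" . $user['displayname'] . "'.", 3, '', 'issue');
        } else {
            $this->app['log']->add("Failed to send password request sent to '" . $user['displayname'] . "'.", 3, '', 'issue');
        }
    }

    // Fixed pause on every request, to slow down brute-forcing.
    sleep(1);

    return true;
}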
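/**
 * Hash a password.
 *
 * To use multiple algorithms in series, provide them as an array or as a
 * comma-separated string. Salted algorithms such as bcrypt, pbkdf2, or
 * portable must be used last: their branch returns immediately, so any
 * algorithm listed after them is never applied.
 * On error, false will be returned.
 *
 * Before hashing, the password is trimmed and every run of whitespace is
 * collapsed to a single space. Changing that normalisation would invalidate
 * existing hashes.
 *
 * When $salt is given for 'pbkdf2' it is expected in the form
 * "algorithm:iterations:salt:base64hash"; a value with fewer than four
 * colon-separated parts now yields false instead of reading missing array
 * keys. For 'portable', a non-null $salt is treated as a stored hash to
 * check against, and is returned unchanged on a match.
 *
 * NOTE(review): the default branch calls any existing function whose name
 * appears in $algos. The algorithm list must therefore come only from
 * trusted configuration, never from request data.
 * NOTE(review): the 'drupal', 'joomla' and 'kimsqrb' branches hash the raw
 * $password, not the normalised/chained value; confirm this is intended.
 *
 * @param string $password
 * @param string|array $algos (optional)
 * @param string $salt (optional)
 * @return string|false
 */
public static function hashPassword($password, $algos = null, $salt = null)
{
    // If the algorithm is null, use the default algorithm.
    if ($algos === null) {
        $algos = self::getDefaultAlgorithm();
    }

    // Initialize the chain of hashes.
    $algos = array_map('strtolower', array_map('trim', is_array($algos) ? $algos : explode(',', $algos)));
    $hashchain = preg_replace('/\\s+/', ' ', trim($password));

    // Apply the given algorithms one by one.
    foreach ($algos as $algo) {
        switch ($algo) {
            // bcrypt (must be used last)
            case 'bcrypt':
                $hashchain = self::bcrypt($hashchain, $salt, self::getWorkFactor());
                // A leading '*' marks a failed hash; an empty or non-string result is also a failure.
                if (!is_string($hashchain) || $hashchain === '' || $hashchain[0] === '*') {
                    return false;
                }
                return $hashchain;

            // PBKDF2 (must be used last)
            case 'pbkdf2':
                if ($salt === null) {
                    $salt = Security::getRandom(12, 'alnum');
                    $hash_algorithm = 'sha512';
                    $iterations = intval(pow(2, self::getWorkFactor() + 5)) ?: 16384;
                    $key_length = 24;
                } else {
                    $parts = explode(':', $salt);
                    // Reject a malformed stored value instead of indexing missing parts.
                    if (count($parts) < 4) {
                        return false;
                    }
                    $salt = $parts[2];
                    $hash_algorithm = $parts[0];
                    $iterations = intval($parts[1], 10);
                    $key_length = strlen(base64_decode($parts[3]));
                }
                return self::pbkdf2($hashchain, $salt, $hash_algorithm, $iterations, $key_length);

            // phpass portable algorithm (must be used last)
            case 'portable':
                $phpass = new \Hautelook\Phpass\PasswordHash(self::getWorkFactor(), true);
                if ($salt === null) {
                    $hashchain = $phpass->HashPassword($hashchain);
                    return $hashchain;
                } else {
                    $match = $phpass->CheckPassword($hashchain, $salt);
                    return $match ? $salt : false;
                }

            // Drupal's SHA-512 based algorithm (must be used last)
            case 'drupal':
                $hashchain = \VendorPass::drupal($password, $salt);
                return $hashchain;

            // Joomla's MD5 based algorithm (must be used last)
            case 'joomla':
                $hashchain = \VendorPass::joomla($password, $salt);
                return $hashchain;

            // KimsQ Rb algorithms (must be used last)
            case 'kimsqrb':
                $hashchain = \VendorPass::kimsqrb($password, $salt);
                return $hashchain;

            // crypt() function (must be used last)
            // NOTE(review): a generated two-character salt selects crypt()'s traditional
            // DES scheme; keep this branch for verifying legacy hashes only.
            case 'crypt':
                if ($salt === null) {
                    $salt = Security::getRandom(2, 'alnum');
                }
                $hashchain = crypt($hashchain, $salt);
                return $hashchain;

            // MS SQL's PWDENCRYPT() function (must be used last)
            case 'mssql_pwdencrypt':
                $hashchain = \VendorPass::mssql_pwdencrypt($hashchain, $salt);
                return $hashchain;

            // MySQL's old PASSWORD() function.
            case 'mysql_old_password':
                $hashchain = \VendorPass::mysql_old_password($hashchain);
                break;

            // MySQL's new PASSWORD() function.
            case 'mysql_new_password':
                $hashchain = \VendorPass::mysql_new_password($hashchain);
                break;

            // A dummy algorithm that does nothing.
            case 'null':
                break;

            // All other algorithms will be passed to hash() or treated as a function name.
            default:
                if (isset(self::$_algorithm_callbacks[$algo])) {
                    $callback = self::$_algorithm_callbacks[$algo];
                    $hashchain = $callback($hashchain, $salt);
                } elseif (in_array($algo, hash_algos())) {
                    $hashchain = hash($algo, $hashchain);
                } elseif (function_exists($algo)) {
                    // Reached for any other name that resolves to a function; see the review note in the docblock.
                    $hashchain = $algo($hashchain, $salt);
                } else {
                    return false;
                }
        }
    }

    return $hashchain;
}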
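<?php

/**
 * CLI helper: insert one row into the `users` table of the `shack` database.
 *
 * Usage: php <this-script> <user> <password>
 *
 * The password is hashed with phpass (cost exponent 8, portable hashes off)
 * and the row is inserted through the `mysql` command-line client.
 *
 * Both command-line values used to be pasted straight into a shell command
 * that itself contained an SQL statement. They are now checked against an
 * allowlist, and the statement is passed to the shell as one quoted argument.
 *
 * NOTE(review): the new user's password (argv) and the database password
 * (-p on the mysql command line) are both visible in the process list while
 * the script runs. Prefer reading the password from a prompt and the database
 * credentials from a client option file.
 */

include "vendor/autoload.php";

if (!isset($argv[1], $argv[2]) || $argv[1] === '' || $argv[2] === '') {
    fwrite(STDERR, "Usage: php {$argv[0]} <user> <password>\n");
    exit(1);
}

$user = $argv[1];

// Conservative allowlist so the name cannot end the SQL string literal or the
// shell argument. Adjust the character set and length to the column definition.
if (preg_match('/\A[A-Za-z0-9_.@-]{1,64}\z/', $user) !== 1) {
    fwrite(STDERR, "Invalid user name.\n");
    exit(1);
}

$pass = new \Hautelook\Phpass\PasswordHash(8, false);
$hashed = $pass->HashPassword($argv[2]);

// phpass signals failure with a short '*' string. A real hash is at least 20
// characters drawn from the crypt alphabet, which is safe inside an SQL literal.
if (!is_string($hashed) || preg_match('#\A[./0-9A-Za-z$_]{20,}\z#', $hashed) !== 1) {
    fwrite(STDERR, "Could not hash the password.\n");
    exit(1);
}

$sql = sprintf("INSERT INTO users (user, password) VALUES ('%s', '%s');", $user, $hashed);

// escapeshellarg() keeps the whole statement a single argument to `mysql -e`.
$command = 'mysql -uuser -ppassword -e ' . escapeshellarg($sql) . ' shack';

$output = array();
$exitCode = 0;
exec($command, $output, $exitCode);
echo implode("\n", $output);

// Report success only when the client exited cleanly.
if ($exitCode !== 0) {
    fwrite(STDERR, "User could not be added.\n");
    exit(1);
}

echo "User added.";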