/** * Obtains a salting hashing method instance. * * This function will return an instance of a class that implements * tx_saltedpasswords_abstract_salts. * * Use parameter NULL to reset the factory! * * @param string $saltedHash (optional) Salted hashed password to determine the type of used method from or NULL to reset the factory * @param string $mode (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for * @return tx_saltedpasswords_abstract_salts an instance of salting hashing method object */ public static function getSaltingInstance($saltedHash = '', $mode = TYPO3_MODE) { // Creating new instance when // * no instance existing // * a salted hash given to determine salted hashing method from // * a NULL parameter given to reset instance back to default method if (!is_object(self::$instance) || !empty($saltedHash) || is_NULL($saltedHash)) { // Determine method by checking the given hash if (!empty($saltedHash)) { $result = self::determineSaltingHashingMethod($saltedHash); if (!$result) { self::$instance = NULL; } } else { $classNameToUse = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod($mode); $availableClasses = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods']; self::$instance = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($availableClasses[$classNameToUse], 'tx_'); } } return self::$instance; }
/** * Checks the login data with the user record data for builtin login method. * * @param array $user User data array * @param array $loginData Login data array * @param string $passwordCompareStrategy Password compare strategy * @return bool TRUE if login data matched */ public function compareUident(array $user, array $loginData, $passwordCompareStrategy = '') { $validPasswd = FALSE; $password = $loginData['uident_text']; // Determine method used for given salted hashed password $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($user['password']); // Existing record is in format of Salted Hash password if (is_object($this->objInstanceSaltedPW)) { $validPasswd = $this->objInstanceSaltedPW->checkPassword($password, $user['password']); // Record is in format of Salted Hash password but authentication failed // skip further authentication methods if (!$validPasswd) { $this->authenticationFailed = TRUE; } $defaultHashingClassName = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod(); $skip = FALSE; // Test for wrong salted hashing method if ($validPasswd && !(get_class($this->objInstanceSaltedPW) == $defaultHashingClassName) || is_subclass_of($this->objInstanceSaltedPW, $defaultHashingClassName)) { // Instanciate default method class $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL); $this->updatePassword((int) $user['uid'], array('password' => $this->objInstanceSaltedPW->getHashedPassword($password))); } if ($validPasswd && !$skip && $this->objInstanceSaltedPW->isHashUpdateNeeded($user['password'])) { $this->updatePassword((int) $user['uid'], array('password' => $this->objInstanceSaltedPW->getHashedPassword($password))); } } elseif (!(int) $this->extConf['forceSalted']) { // Stored password is in deprecated salted hashing method if (\TYPO3\CMS\Core\Utility\GeneralUtility::inList('C$,M$', substr($user['password'], 0, 2))) { // Instanciate default method class $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(substr($user['password'], 1)); // md5 if ($user['password'][0] === 'M') { $validPasswd = $this->objInstanceSaltedPW->checkPassword(md5($password), substr($user['password'], 1)); } else { $validPasswd = $this->objInstanceSaltedPW->checkPassword($password, substr($user['password'], 1)); } // Skip further authentication methods if (!$validPasswd) { $this->authenticationFailed = TRUE; } } elseif (preg_match('/[0-9abcdef]{32,32}/', $user['password'])) { $validPasswd = md5($password) === (string) $user['password']; // Skip further authentication methods if (!$validPasswd) { $this->authenticationFailed = TRUE; } } else { $validPasswd = (string) $password === (string) $user['password']; } // Should we store the new format value in DB? if ($validPasswd && (int) $this->extConf['updatePasswd']) { // Instanciate default method class $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL); $this->updatePassword((int) $user['uid'], array('password' => $this->objInstanceSaltedPW->getHashedPassword($password))); } } return $validPasswd; }
/** * @test */ public function resettingFactoryInstanceSucceeds() { $defaultClassNameToUse = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod(); if ($defaultClassNameToUse == 'TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt') { $saltedPW = '$P$CWF13LlG/0UcAQFUjnnS4LOqyRW43c.'; } else { $saltedPW = '$1$rasmusle$rISCgZzpwk3UhDidwXvin0'; } $this->objectInstance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($saltedPW); // resetting $this->objectInstance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL); $this->assertTrue(get_class($this->objectInstance) == $defaultClassNameToUse || is_subclass_of($this->objectInstance, $defaultClassNameToUse)); }
function setPassword($password) { $this->data['password'] = $password; $this->data['tx_mmforum_md5'] = md5($password); $objPHPass = null; if (ExtensionManagementUtility::isLoaded('t3sec_saltedpw')) { require_once ExtensionManagementUtility::extPath('t3sec_saltedpw') . 'res/staticlib/class.tx_t3secsaltedpw_div.php'; if (tx_t3secsaltedpw_div::isUsageEnabled()) { require_once ExtensionManagementUtility::extPath('t3sec_saltedpw') . 'res/lib/class.tx_t3secsaltedpw_phpass.php'; $objPHPass = GeneralUtility::makeInstance('tx_t3secsaltedpw_phpass'); } } if (!$objPHPass && ExtensionManagementUtility::isLoaded('saltedpasswords')) { if (SaltedPasswordsUtility::isUsageEnabled()) { $objPHPass = GeneralUtility::makeInstance(SaltedPasswordsUtility::getDefaultSaltingHashingMethod()); } } if ($objPHPass) { $this->data['password'] = $objPHPass->getHashedPassword($password); } else { if (ExtensionManagementUtility::isLoaded('kb_md5fepw')) { //if kb_md5fepw is installed, crypt password $this->data['password'] = md5($password); } } }
public function getHashedPassword($password) { $objPHPass = null; if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('t3sec_saltedpw')) { require_once \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extPath('t3sec_saltedpw') . 'res/staticlib/class.tx_t3secsaltedpw_div.php'; if (tx_t3secsaltedpw_div::isUsageEnabled()) { require_once \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extPath('t3sec_saltedpw') . 'res/lib/class.tx_t3secsaltedpw_phpass.php'; $objPHPass = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('tx_t3secsaltedpw_phpass'); } } if (!$objPHPass && \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('saltedpasswords')) { if (\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled()) { $objPHPass = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod()); } } if ($objPHPass) { $password = $objPHPass->getHashedPassword($password); } else { if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('kb_md5fepw')) { //if kb_md5fepw is installed, crypt password $password = md5($password); } } return $password; }
/** * Method tries to determine the salting hashing method used for given salt. * * Method implicitly sets the instance of the found method object in the class property when found. * * @param string $saltedHash * @param string $mode (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for * @return bool TRUE, if salting hashing method has been found, otherwise FALSE */ public static function determineSaltingHashingMethod($saltedHash, $mode = TYPO3_MODE) { $registeredMethods = static::getRegisteredSaltedHashingMethods(); $defaultClassName = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod($mode); $defaultReference = $registeredMethods[$defaultClassName]; unset($registeredMethods[$defaultClassName]); // place the default method first in the order $registeredMethods = array($defaultClassName => $defaultReference) + $registeredMethods; $methodFound = false; foreach ($registeredMethods as $method) { $objectInstance = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($method); if ($objectInstance instanceof SaltInterface) { $methodFound = $objectInstance->isValidSaltedPW($saltedHash); if ($methodFound) { self::$instance = $objectInstance; break; } } } return $methodFound; }