Пример #1
0
 /**
  * Load the configuration of authentification, stored in the auth plugin config
  * @return array
  * @since 1.2.10
  */
 public static function loadConfig($newconfig = null)
 {
     if (self::$config === null || $newconfig) {
         if (!$newconfig) {
             $plugin = jApp::coord()->getPlugin('auth');
             if ($plugin === null) {
                 throw new jException('jelix~auth.error.plugin.missing');
             }
             $config =& $plugin->config;
         } else {
             $config = $newconfig;
         }
         if (!isset($config['session_name']) || $config['session_name'] == '') {
             $config['session_name'] = 'JELIX_USER';
         }
         if (!isset($config['persistant_cookie_path']) || $config['persistant_cookie_path'] == '') {
             if (jApp::config()) {
                 $config['persistant_cookie_path'] = jApp::urlBasePath();
             } else {
                 $config['persistant_cookie_path'] = '/';
             }
         }
         // Read hash method configuration. If not empty, cryptPassword will use
         // the new API of PHP 5.5 (password_verify and so on...)
         $password_hash_method = isset($config['password_hash_method']) ? $config['password_hash_method'] : 0;
         if ($password_hash_method === '' || !is_numeric($password_hash_method)) {
             $password_hash_method = 0;
         } else {
             $password_hash_method = intval($password_hash_method);
         }
         if ($password_hash_method > 0) {
             require_once __DIR__ . '/password.php';
             if (!can_use_password_API()) {
                 $password_hash_method = 0;
             }
         } else {
             require_once __DIR__ . '/hash_equals.php';
         }
         $password_hash_options = isset($config['password_hash_options']) ? $config['password_hash_options'] : '';
         if ($password_hash_options != '') {
             $list = '{"' . str_replace(array('=', ';'), array('":"', '","'), $config['password_hash_options']) . '"}';
             $json = new jJson(SERVICES_JSON_LOOSE_TYPE);
             $password_hash_options = @$json->decode($list);
             if (!$password_hash_options) {
                 $password_hash_options = array();
             }
         } else {
             $password_hash_options = array();
         }
         $config['password_hash_method'] = $password_hash_method;
         $config['password_hash_options'] = $password_hash_options;
         $config[$config['driver']]['password_hash_method'] = $password_hash_method;
         $config[$config['driver']]['password_hash_options'] = $password_hash_options;
         self::$config = $config;
     }
     return self::$config;
 }
Пример #2
0
    if (preg_match('/squeeze(\\d+)$/', PHP_VERSION, $m)) {
        if (intval($m[1]) >= 4) {
            if (!defined('_PASSWORD_CRYPT_HASH_FORMAT')) {
                define('_PASSWORD_CRYPT_HASH_FORMAT', '$2a$%02d$');
            }
            if (!defined('_PASSWORD_CRYPT_PROLOG')) {
                define('_PASSWORD_CRYPT_PROLOG', '$2a$');
            }
            return true;
        }
    }
    //FIXME crypt() in PHP 5.3.3 is fixed also on other distro like RedHat.
    // however I don't know if it supports 2y, and how does PHP_VERSION look like
    return false;
}
if (!can_use_password_API()) {
    trigger_error("The Password Compatibility Library requires PHP >= 5.3.7 or PHP >= 5.3.3-7+squeeze4 on debian", E_USER_WARNING);
    // Prevent defining the functions
    return;
}
if (!defined('PASSWORD_BCRYPT')) {
    define('PASSWORD_BCRYPT', 1);
    define('PASSWORD_DEFAULT', PASSWORD_BCRYPT);
    /**
     * Hash the password using the specified algorithm
     *
     * @param string $password The password to hash
     * @param int    $algo     The algorithm to use (Defined by PASSWORD_* constants)
     * @param array  $options  The options for the algorithm to use
     *
     * @returns string|false The hashed password, or false on error.