/**
* Replaces password with salted hash of passwort
* extends tx_srfeuserregister_data->parseOutgoingData
*
* @param array $dataArray: array with user data to be modified
* @param array $origArray
*
* @return array parsed array
*/
function parseOutgoingData(&$dataArray, $origArray)
{
$parsedArray = parent::parseOutgoingData($dataArray, $origArray);
if (t3lib_extMgm::isLoaded('saltedpasswords') && tx_saltedpasswords_div::isUsageEnabled()) {
$objPHPass = t3lib_div::makeInstance(tx_saltedpasswords_div::getDefaultSaltingHashingMethod());
$updatedPassword = $objPHPass->getHashedPassword($parsedArray['password']);
$parsedArray['password'] = $parsedArray['password_again'] = $updatedPassword;
}
return $parsedArray;
}
/**
* Obtains a salting hashing method instance.
*
* This function will return an instance of a class that implements
* tx_saltedpasswords_abstract_salts.
*
* Use parameter NULL to reset the factory!
*
* @param string $saltedHash: (optional) salted hashed password to determine the type of used method from or NULL to reset the factory
* @param string $mode: (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for
* @return tx_saltedpasswords_abstract_salts an instance of salting hashing method object
*/
public static function getSaltingInstance($saltedHash = '', $mode = TYPO3_MODE)
{
// creating new instance when
// * no instance existing
// * a salted hash given to determine salted hashing method from
// * a NULL parameter given to reset instance back to default method
if (!is_object(self::$instance) || !empty($saltedHash) || is_NULL($saltedHash)) {
// determine method by checking the given hash
if (!empty($saltedHash)) {
$result = self::determineSaltingHashingMethod($saltedHash);
if (!$result) {
self::$instance = NULL;
}
} else {
$classNameToUse = tx_saltedpasswords_div::getDefaultSaltingHashingMethod($mode);
$availableClasses = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods'];
self::$instance = t3lib_div::getUserObj($availableClasses[$classNameToUse], 'tx_');
}
}
return self::$instance;
}
/**
* @test
*/
public function resettingFactoryInstanceSucceeds()
{
$defaultClassNameToUse = tx_saltedpasswords_div::getDefaultSaltingHashingMethod();
$saltedPW = '';
if ($defaultClassNameToUse == 'tx_saltedpasswords_salts_md5') {
$saltedPW = '$P$CWF13LlG/0UcAQFUjnnS4LOqyRW43c.';
} else {
$saltedPW = '$1$rasmusle$rISCgZzpwk3UhDidwXvin0';
}
$this->objectInstance = tx_saltedpasswords_salts_factory::getSaltingInstance($saltedPW);
// resetting
$this->objectInstance = tx_saltedpasswords_salts_factory::getSaltingInstance(NULL);
$this->assertTrue(get_class($this->objectInstance) == $defaultClassNameToUse || is_subclass_of($this->objectInstance, $defaultClassNameToUse));
}
/**
* Checks the login data with the user record data for builtin login method.
*
* @param array user data array
* @param array login data array
* @param string login security level (optional)
* @return boolean TRUE if login data matched
*/
function compareUident(array $user, array $loginData, $security_level = 'normal')
{
$validPasswd = FALSE;
// could be merged; still here to clarify
if (!strcmp(TYPO3_MODE, 'BE')) {
$password = $loginData['uident_text'];
} else {
if (!strcmp(TYPO3_MODE, 'FE')) {
$password = $loginData['uident_text'];
}
}
// determine method used for given salted hashed password
$this->objInstanceSaltedPW = tx_saltedpasswords_salts_factory::getSaltingInstance($user['password']);
// existing record is in format of Salted Hash password
if (is_object($this->objInstanceSaltedPW)) {
$validPasswd = $this->objInstanceSaltedPW->checkPassword($password, $user['password']);
// record is in format of Salted Hash password but authentication failed
// skip further authentication methods
if (!$validPasswd) {
$this->authenticationFailed = TRUE;
}
$defaultHashingClassName = tx_saltedpasswords_div::getDefaultSaltingHashingMethod();
$skip = FALSE;
// test for wrong salted hashing method
if ($validPasswd && !(get_class($this->objInstanceSaltedPW) == $defaultHashingClassName) || is_subclass_of($this->objInstanceSaltedPW, $defaultHashingClassName)) {
// instanciate default method class
$this->objInstanceSaltedPW = tx_saltedpasswords_salts_factory::getSaltingInstance(NULL);
$this->updatePassword(intval($user['uid']), array('password' => $this->objInstanceSaltedPW->getHashedPassword($password)));
}
if ($validPasswd && !$skip && $this->objInstanceSaltedPW->isHashUpdateNeeded($user['password'])) {
$this->updatePassword(intval($user['uid']), array('password' => $this->objInstanceSaltedPW->getHashedPassword($password)));
}
// we process also clear-text, md5 and passwords updated by Portable PHP password hashing framework
} else {
if (!intval($this->extConf['forceSalted'])) {
// stored password is in deprecated salted hashing method
if (t3lib_div::inList('C$,M$', substr($user['password'], 0, 2))) {
// instanciate default method class
$this->objInstanceSaltedPW = tx_saltedpasswords_salts_factory::getSaltingInstance(substr($user['password'], 1));
// md5
if (!strcmp(substr($user['password'], 0, 1), 'M')) {
$validPasswd = $this->objInstanceSaltedPW->checkPassword(md5($password), substr($user['password'], 1));
} else {
$validPasswd = $this->objInstanceSaltedPW->checkPassword($password, substr($user['password'], 1));
}
// skip further authentication methods
if (!$validPasswd) {
$this->authenticationFailed = TRUE;
}
// password is stored as md5
} else {
if (preg_match('/[0-9abcdef]{32,32}/', $user['password'])) {
$validPasswd = !strcmp(md5($password), $user['password']) ? TRUE : FALSE;
// skip further authentication methods
if (!$validPasswd) {
$this->authenticationFailed = TRUE;
}
// password is stored plain or unrecognized format
} else {
$validPasswd = !strcmp($password, $user['password']) ? TRUE : FALSE;
}
}
// should we store the new format value in DB?
if ($validPasswd && intval($this->extConf['updatePasswd'])) {
// instanciate default method class
$this->objInstanceSaltedPW = tx_saltedpasswords_salts_factory::getSaltingInstance(NULL);
$this->updatePassword(intval($user['uid']), array('password' => $this->objInstanceSaltedPW->getHashedPassword($password)));
}
}
}
return $validPasswd;
}
