wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Ipb2.class.php

   1 <?php
   2
   3 namespace wcf\system\user\authentication\password\algorithm;
   4
   5 use ParagonIE\ConstantTime\Hex;
   6 use wcf\system\user\authentication\password\IPasswordAlgorithm;
   7
   8 /**
   9  * Implementation of the password algorithm for Invision Power Board 2.x (ipb2).
  10  *
  11  * @author  Joshua Ruesweg
  12  * @copyright   2001-2020 WoltLab GmbH
  13  * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
  14  * @package WoltLabSuite\Core\System\User\Authentication\Password\Algorithm
  15  * @since   5.4
  16  */
  17 final class Ipb2 implements IPasswordAlgorithm
  18 {
  19     /**
  20      * @inheritDoc
  21      */
  22     public function verify(string $password, string $hash): bool
  23     {
  24         [$hash, $salt] = \explode(':', $hash, 2);
  25
  26         return \hash_equals($hash, $this->hashWithSalt($password, $salt));
  27     }
  28
  29     /**
  30      * @inheritDoc
  31      */
  32     public function hash(string $password): string
  33     {
  34         $salt = Hex::encode(\random_bytes(20));
  35
  36         return $this->hashWithSalt($password, $salt) . ':' . $salt;
  37     }
  38
  39     /**
  40      * Returns the hashed password, hashed with a given salt.
  41      */
  42     private function hashWithSalt(string $password, string $salt): string
  43     {
  44         return \md5(\md5($password) . $salt);
  45     }
  46
  47     /**
  48      * @inheritDoc
  49      */
  50     public function needsRehash(string $hash): bool
  51     {
  52         return false;
  53     }
  54 }