From: joshuaruesweg Date: Wed, 30 Sep 2020 11:15:21 +0000 (+0200) Subject: Add 'Smf1' password algorithm X-Git-Tag: 5.4.0_Alpha_1~724^2~16^2~2 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=216c6b35c6963b8e12ae1925659334cb04541086;p=GitHub%2FWoltLab%2FWCF.git Add 'Smf1' password algorithm
---
diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Smf1.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Smf1.class.php
new file mode 100644
index 0000000000..a2bcc9d8fe
--- /dev/null
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Smf1.class.php
@@ -0,0 +1,46 @@
+
+ * @package WoltLabSuite\Core\System\User\Authentication\Password\Algorithm
+ * @since 5.4
+ */
+final class Smf1 implements IPasswordAlgorithm {
+ /**
+ * @inheritDoc
+ */
+ public function verify(string $password, string $hash): bool {
+ [$hash, $salt] = explode(':', $hash, 2);
+
+ return \hash_equals($hash, $this->hashWithSalt($password, $salt));
+ }
+
+ /**
+ * @inheritDoc
+ */
+ public function hash(string $password): string {
+ $salt = \bin2hex(\random_bytes(20));
+
+ return $this->hashWithSalt($password, $salt).':'.$salt;
+ }
+
+ /**
+ * Returns the hashed password, hashed with a given salt.
+ */
+ private function hashWithSalt(string $password, string $salt): string {
+ return sha1($salt . $password);
+ }
+
+ /**
+ * @inheritDoc
+ */
+ public function needsRehash(string $hash): bool {
+ return false;
+ }
+}
diff --git a/wcfsetup/install/files/lib/util/PasswordUtil.class.php b/wcfsetup/install/files/lib/util/PasswordUtil.class.php
index 8cf34c343d..f0c6b4313b 100644
--- a/wcfsetup/install/files/lib/util/PasswordUtil.class.php
+++ b/wcfsetup/install/files/lib/util/PasswordUtil.class.php
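Review bot: `Smf1::verify()` destructures `explode(':', $hash, 2)` without checking that the stored value contains a colon; for a malformed or truncated hash `$salt` ends up null and the typed `hashWithSalt()` call raises a TypeError rather than the method returning false. A guard before the destructuring keeps a bad database row from turning a login attempt into an uncaught error: `$parts = \explode(':', $hash, 2);`, `if (\count($parts) !== 2) { return false; }`, `[$hash, $salt] = $parts;`. Separately, `needsRehash()` always returns false while the scheme is a single salted SHA-1, which is cheap to attack offline if the table leaks; if the framework depends on this method to move imported accounts to the default algorithm at next login, that should be confirmed, since the caller is not visible here. The top of the new file (opening tag, namespace, imports) is missing from this page.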
@@ -361,13 +361,7 @@ final class PasswordUtil { } /** - * Validates the password hash for Simple Machines Forums 1.x (smf1). - * - * @param string $username - * @param string $password - * @param string $salt - * @param string $dbHash - * @return boolean + * @deprecated 5.4 - Use the new password algorithm framework in \wcf\system\user\authentication\password\*. */ protected static function smf1($username, $password, $salt, $dbHash) { return \hash_equals($dbHash, sha1(mb_strtolower($username) . $password));
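Review bot: The docblock on `smf1()` now carries only the `@deprecated` tag, so the one place that said what this legacy check is for is gone, and nothing records that it hashes `mb_strtolower($username) . $password` while the replacement `Smf1` class in this commit hashes `$salt . $password` with the salt taken verbatim from the stored value. I would keep a one-line summary and state the mapping, for example `Validates the password hash for Simple Machines Forums 1.x (smf1); the new Smf1 algorithm expects the lowercased username as the salt after the colon.` Presumably that is how imported hashes are stored, but it is not shown in this diff and should be confirmed before the comment is written as fact. The body of `smf1()` continues past the end of the hunk.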