From: Stricted <info@nexus-irc.de>
Date: Sun, 16 Feb 2014 23:47:29 +0000 (+0100)
Subject: add bcrypt and ldaphash class and remove session class
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=934f04347ddab4ba2f2e1af301d7e7554a7b4621;p=Snippets.git

add bcrypt and ldaphash class and remove session class
---

diff --git a/LDAPHash.class.php b/LDAPHash.class.php
new file mode 100644
index 0000000..4528179
--- /dev/null
+++ b/LDAPHash.class.php
@@ -0,0 +1,171 @@
+<?php
+/**
+ * @author      Jan Altensen (Stricted)
+ * @copyright   2013-2014 Jan Altensen (Stricted)
+ * @license     GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ */
+class LDAPHash {
+
+	/**
+	 * compare given ldap hash with given password
+	 *
+	 * @param	string	$password
+	 * @param	string	$hash
+	 * @return	boolean
+	 */
+	public function compare($password, $hash) {
+		// replace hash method to lowercase
+        $search  = array("SSHA", "SHA256", "SHA384", "SHA512", "SSHA256", "SSHA384", "SSHA512", "MD5", "SMD5", "SHA", "CRYPT"); 
+        $replace = array("ssha", "sha256", "sha384", "sha512", "ssha256", "ssha384", "ssha512", "md5", "smd5", "sha", "crypt"); 
+        $hash = str_replace($search, $replace, $hash);
+		
+		$encrypted_password = '';
+		
+		// plain password
+		if ($password == $hash) {
+			return true;
+		}
+		
+		preg_match("/^{([a-z0-9]+)}([\s\S]+)/i", $hash, $method);
+		if (isset($method[1]) && !empty($method[1]) && isset($method[2]) && !empty($method[2])) {
+			switch ($method[1]) {
+				case "md5":
+					$encrypted_password = '{md5}' . base64_encode(hash("md5", $password, true));
+					break;
+				
+				case "smd5":
+					$salt = substr(base64_decode($method[2]),16);
+					$encrypted_password = '{smd5}' . base64_encode(hash("md5", $password.$salt, true).$salt);
+					break;
+				
+				case "sha":
+					$encrypted_password = '{sha}' . base64_encode(hash("sha1", $password, true));
+					break;
+				
+				case "ssha":
+					$salt = substr(base64_decode($method[2]),20);
+					$encrypted_password = '{ssha}' . base64_encode(hash("sha1", $password.$salt, true).$salt);
+					break;
+				
+				case "sha256":
+					$encrypted_password = "{sha256}".base64_encode(hash("sha256", $password, true));
+					break;
+				
+				case "ssha256":
+					$salt = substr(base64_decode($method[2]),32);
+					$encrypted_password =  "{ssha256}".base64_encode(hash("sha256", $password.$salt, true).$salt);
+					break;
+				
+				case "sha384":
+					$encrypted_password = "{sha384}".base64_encode(hash("sha348", $password, true));
+					break;
+				
+				case "ssha384":
+					$salt = substr(base64_decode($method[2]),48);
+					$encrypted_password =  "{ssha384}".base64_encode(hash("sha384", $password.$salt, true).$salt);
+					break;
+				
+				case "sha512":
+					$encrypted_password = "{sha512}".base64_encode(hash("sha512", $password, true));
+					break;
+				
+				case "ssha512":
+					$salt = substr(base64_decode($method[2]),64);
+					$encrypted_password =  "{sha512}".base64_encode(hash("sha512", $password.$salt, true).$salt);
+					break;
+				
+				case "crypt":
+					$encrypted_password = "{crypt}".crypt($password, $method[2]);
+					break;
+				
+				default:
+					die("Unsupported password hash format");
+					break;
+			}
+		}
+		
+		if ($hash == $encrypted_password) {
+			return true;
+		}
+		else {
+			return false;
+		}
+	}
+	
+	/**
+	 * return supported hash methods
+	 *
+	 * @return	array
+	 */
+	public function supportedMethods () {
+		return array("ssha", "sha256", "sha384", "sha512", "ssha256", "ssha384", "ssha512", "md5", "smd5", "sha", "crypt", "plain");
+	}
+	
+	/**
+	 * hash given password with given hash method
+	 *
+	 * @param	string	$password
+	 * @param	string	$method
+	 * @return	string
+	 */
+	public function hash($password, $method) {
+		$salt = substr(sha1(time()), 0, 4);
+		$method = strtolower($method);
+		switch ($method) {
+			case "ssha":
+				$hash = base64_encode(hash("sha1", $password.$salt, true).$salt);
+				break;
+			
+			case "sha256":
+				$hash = base64_encode(hash("sha256", $password, true));
+				break;
+			
+			case "sha384":
+				$hash = base64_encode(hash("sha384", $password, true));
+				break;
+			
+			case "sha512":
+				$hash = base64_encode(hash("sha512", $password, true));
+				break;
+			
+			case "ssha256":
+				$hash = base64_encode(hash("sha256", $password.$salt, true).$salt);
+				break;
+			
+			case "ssha384":
+				$hash = base64_encode(hash("sha384", $password.$salt, true).$salt);
+				break;
+			
+			case "ssha512":
+				$hash = base64_encode(hash("sha512", $password.$salt, true).$salt);
+				break;
+			
+			case "md5":
+				$hash = base64_encode(hash("md5", $password, true));
+				break;
+				
+			case "smd5":
+				$hash = base64_encode(hash("md5", $password.$salt, true).$salt);
+				break;
+			
+			case "sha":
+				$hash = base64_encode(hash("sha1", $password, true));
+				break;
+			
+			case "crypt":
+				$hash = crypt($password, $salt);
+				break;
+			
+			case "plain":
+				$hash = $password;
+				break;
+				
+			default :
+				die("Unsupported hash method");
+				break;
+		}
+		
+		return ($method == "plain" ? "" : "{".$method."}").$hash;
+	}
+}
+?>
\ No newline at end of file
diff --git a/bcrypt.class.php b/bcrypt.class.php
new file mode 100644
index 0000000..a515ece
--- /dev/null
+++ b/bcrypt.class.php
@@ -0,0 +1,84 @@
+<?php
+/**
+ * @author      Jan Altensen (Stricted)
+ * @copyright   2013-2014 Jan Altensen (Stricted)
+ * @license     GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ */
+class bcrypt {
+	/**
+	 * compare password with given hash
+	 *
+	 * @param	string	$password
+	 * @param	string	$hash
+	 * @return	boolean
+	 */
+	public function compare ($password, $hash) {
+		$salt = $this->getSalt($hash);
+		
+		$new = crypt($password, $salt);
+		$doubleSalted = crypt(crypt($password, $salt), $salt);
+		
+		if ($new == $hash) {
+			return true;
+		}
+		else if ($doubleSalted == $hash) {
+			return true;
+		}
+		
+		return false;
+	}
+
+	/**
+	 * crypt new password
+	 *
+	 * @param	string	$password
+	 * @param	string	$double	<optional>
+	 * @return	string
+	 */
+	public function crypt ($password, $double = false) {
+		$salt = $this->generateSalt();
+		if ($double) {
+			return crypt(crypt($password, $salt), $salt);
+		}
+		else {
+			return crypt($password, $salt);
+		}
+	}
+	
+	/**
+	 * generate new salt
+	 *
+	 * @return	string
+	 */
+	public function generateSalt() {
+		$blowfishCharacters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./';
+		$maxIndex = strlen($blowfishCharacters) - 1;
+		$salt = '';
+		
+		for ($i = 0; $i < 22; $i++) {
+			$rand = mt_rand(0, $maxIndex);
+			$salt .= $blowfishCharacters[$rand];
+		}
+
+		return '$2a$08$' . $salt;
+	}
+	
+	/**
+	 * get salt from password hash
+	 *
+	 * @param	string	$hash
+	 * @return	string
+	 */
+	private function getSalt($hash) {
+		$salt = '';
+		if (mb_substr($hash, 0, 7) == '$2a$08$') {
+			$salt = mb_substr($hash, 7, 22);
+		}
+		else {
+			$salt = mb_substr($hash, 0, 22);
+		}
+		
+		return '$2a$08$' . $salt;
+	}
+}
+?>
\ No newline at end of file
diff --git a/session.class.php b/session.class.php
deleted file mode 100644
index 76358e4..0000000
--- a/session.class.php
+++ /dev/null
@@ -1,81 +0,0 @@
-<?php
-/* session.class.php
- * Copyright (C) 2011 - 2013  Jan Altensen (Stricted)
- * http://stricted.de/
- * 
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- * 
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- * 
- * You should have received a copy of the GNU General Public License 
- * along with this program. If not, see <http://www.gnu.org/licenses/>. 
- */
-class session {
-
-	public function __construct () { /* not needed */ }
-	
-	public function start () {
-		session_start();
-	}
-	
-	public function status () {
-		return session_status();
-	}
-	
-	public function destroy () {
-		return session_destroy();
-	}
-	
-	public function unset () {
-		session_unset();
-	}
-	
-	public function cache_expire ($new_cache_expire = '') {
-		session_cache_expire($new_cache_expire);
-	}
-	
-	public function encode () {
-		return session_encode();
-	}
-	
-	public function decode ($data) {
-		return session_decode($data);
-	}
-	
-	public function shutdown () {
-		session_register_shutdown();
-		session_write_close();
-	}
-	
-	public function getID ($set = '') {
-		return session_id($set);
-	}
-	
-	public function cache_limiter ($cache_limiter = '') {
-		return session_cache_limiter($cache_limiter);
-	}
-	
-	public function get_cookie_params () {
-		return session_get_cookie_params();
-	}
-	
-	public function module_name ($module = '') {
-		return module_name($module);
-	}
-	
-	public function regenerate_id ($delete_old_session = false) {
-		return session_regenerate_id($delete_old_session);
-	}
-	
-	public function save_path ($path = '') {
-		return session_save_path($path);
-	}
-	/* too lazy to comment this class :D */
-}
-?>
\ No newline at end of file