From 934f04347ddab4ba2f2e1af301d7e7554a7b4621 Mon Sep 17 00:00:00 2001 From: Stricted Date: Mon, 17 Feb 2014 00:47:29 +0100 Subject: [PATCH] add bcrypt and ldaphash class and remove session class --- LDAPHash.class.php | 171 +++++++++++++++++++++++++++++++++++++++++++++ bcrypt.class.php | 84 ++++++++++++++++++++++ session.class.php | 81 --------------------- 3 files changed, 255 insertions(+), 81 deletions(-) create mode 100644 LDAPHash.class.php create mode 100644 bcrypt.class.php delete mode 100644 session.class.php diff --git a/LDAPHash.class.php b/LDAPHash.class.php new file mode 100644 index 0000000..4528179 --- /dev/null +++ b/LDAPHash.class.php @@ -0,0 +1,171 @@ + + */ +class LDAPHash { + + /** + * compare given ldap hash with given password + * + * @param string $password + * @param string $hash + * @return boolean + */ + public function compare($password, $hash) { + // replace hash method to lowercase + $search = array("SSHA", "SHA256", "SHA384", "SHA512", "SSHA256", "SSHA384", "SSHA512", "MD5", "SMD5", "SHA", "CRYPT"); + $replace = array("ssha", "sha256", "sha384", "sha512", "ssha256", "ssha384", "ssha512", "md5", "smd5", "sha", "crypt"); + $hash = str_replace($search, $replace, $hash); + + $encrypted_password = ''; + + // plain password + if ($password == $hash) { + return true; + } + + preg_match("/^{([a-z0-9]+)}([\s\S]+)/i", $hash, $method); + if (isset($method[1]) && !empty($method[1]) && isset($method[2]) && !empty($method[2])) { + switch ($method[1]) { + case "md5": + $encrypted_password = '{md5}' . base64_encode(hash("md5", $password, true)); + break; + + case "smd5": + $salt = substr(base64_decode($method[2]),16); + $encrypted_password = '{smd5}' . base64_encode(hash("md5", $password.$salt, true).$salt); + break; + + case "sha": + $encrypted_password = '{sha}' . base64_encode(hash("sha1", $password, true)); + break; + + case "ssha": + $salt = substr(base64_decode($method[2]),20); + $encrypted_password = '{ssha}' . base64_encode(hash("sha1", $password.$salt, true).$salt); + break; + + case "sha256": + $encrypted_password = "{sha256}".base64_encode(hash("sha256", $password, true)); + break; + + case "ssha256": + $salt = substr(base64_decode($method[2]),32); + $encrypted_password = "{ssha256}".base64_encode(hash("sha256", $password.$salt, true).$salt); + break; + + case "sha384": + $encrypted_password = "{sha384}".base64_encode(hash("sha348", $password, true)); + break; + + case "ssha384": + $salt = substr(base64_decode($method[2]),48); + $encrypted_password = "{ssha384}".base64_encode(hash("sha384", $password.$salt, true).$salt); + break; + + case "sha512": + $encrypted_password = "{sha512}".base64_encode(hash("sha512", $password, true)); + break; + + case "ssha512": + $salt = substr(base64_decode($method[2]),64); + $encrypted_password = "{sha512}".base64_encode(hash("sha512", $password.$salt, true).$salt); + break; + + case "crypt": + $encrypted_password = "{crypt}".crypt($password, $method[2]); + break; + + default: + die("Unsupported password hash format"); + break; + } + } + + if ($hash == $encrypted_password) { + return true; + } + else { + return false; + } + } + + /** + * return supported hash methods + * + * @return array + */ + public function supportedMethods () { + return array("ssha", "sha256", "sha384", "sha512", "ssha256", "ssha384", "ssha512", "md5", "smd5", "sha", "crypt", "plain"); + } + + /** + * hash given password with given hash method + * + * @param string $password + * @param string $method + * @return string + */ + public function hash($password, $method) { + $salt = substr(sha1(time()), 0, 4); + $method = strtolower($method); + switch ($method) { + case "ssha": + $hash = base64_encode(hash("sha1", $password.$salt, true).$salt); + break; + + case "sha256": + $hash = base64_encode(hash("sha256", $password, true)); + break; + + case "sha384": + $hash = base64_encode(hash("sha384", $password, true)); + break; + + case "sha512": + $hash = base64_encode(hash("sha512", $password, true)); + break; + + case "ssha256": + $hash = base64_encode(hash("sha256", $password.$salt, true).$salt); + break; + + case "ssha384": + $hash = base64_encode(hash("sha384", $password.$salt, true).$salt); + break; + + case "ssha512": + $hash = base64_encode(hash("sha512", $password.$salt, true).$salt); + break; + + case "md5": + $hash = base64_encode(hash("md5", $password, true)); + break; + + case "smd5": + $hash = base64_encode(hash("md5", $password.$salt, true).$salt); + break; + + case "sha": + $hash = base64_encode(hash("sha1", $password, true)); + break; + + case "crypt": + $hash = crypt($password, $salt); + break; + + case "plain": + $hash = $password; + break; + + default : + die("Unsupported hash method"); + break; + } + + return ($method == "plain" ? "" : "{".$method."}").$hash; + } +} +?> \ No newline at end of file diff --git a/bcrypt.class.php b/bcrypt.class.php new file mode 100644 index 0000000..a515ece --- /dev/null +++ b/bcrypt.class.php @@ -0,0 +1,84 @@ + + */ +class bcrypt { + /** + * compare password with given hash + * + * @param string $password + * @param string $hash + * @return boolean + */ + public function compare ($password, $hash) { + $salt = $this->getSalt($hash); + + $new = crypt($password, $salt); + $doubleSalted = crypt(crypt($password, $salt), $salt); + + if ($new == $hash) { + return true; + } + else if ($doubleSalted == $hash) { + return true; + } + + return false; + } + + /** + * crypt new password + * + * @param string $password + * @param string $double + * @return string + */ + public function crypt ($password, $double = false) { + $salt = $this->generateSalt(); + if ($double) { + return crypt(crypt($password, $salt), $salt); + } + else { + return crypt($password, $salt); + } + } + + /** + * generate new salt + * + * @return string + */ + public function generateSalt() { + $blowfishCharacters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./'; + $maxIndex = strlen($blowfishCharacters) - 1; + $salt = ''; + + for ($i = 0; $i < 22; $i++) { + $rand = mt_rand(0, $maxIndex); + $salt .= $blowfishCharacters[$rand]; + } + + return '$2a$08$' . $salt; + } + + /** + * get salt from password hash + * + * @param string $hash + * @return string + */ + private function getSalt($hash) { + $salt = ''; + if (mb_substr($hash, 0, 7) == '$2a$08$') { + $salt = mb_substr($hash, 7, 22); + } + else { + $salt = mb_substr($hash, 0, 22); + } + + return '$2a$08$' . $salt; + } +} +?> \ No newline at end of file diff --git a/session.class.php b/session.class.php deleted file mode 100644 index 76358e4..0000000 --- a/session.class.php +++ /dev/null @@ -1,81 +0,0 @@ -. - */ -class session { - - public function __construct () { /* not needed */ } - - public function start () { - session_start(); - } - - public function status () { - return session_status(); - } - - public function destroy () { - return session_destroy(); - } - - public function unset () { - session_unset(); - } - - public function cache_expire ($new_cache_expire = '') { - session_cache_expire($new_cache_expire); - } - - public function encode () { - return session_encode(); - } - - public function decode ($data) { - return session_decode($data); - } - - public function shutdown () { - session_register_shutdown(); - session_write_close(); - } - - public function getID ($set = '') { - return session_id($set); - } - - public function cache_limiter ($cache_limiter = '') { - return session_cache_limiter($cache_limiter); - } - - public function get_cookie_params () { - return session_get_cookie_params(); - } - - public function module_name ($module = '') { - return module_name($module); - } - - public function regenerate_id ($delete_old_session = false) { - return session_regenerate_id($delete_old_session); - } - - public function save_path ($path = '') { - return session_save_path($path); - } - /* too lazy to comment this class :D */ -} -?> \ No newline at end of file -- 2.20.1