projects / Snippets.git / blame
| Commit | Line | Data |
|---|---|---|
| 934f0434 S |
1 | <?php |
| 2 | /** | |
| 3 | * @author Jan Altensen (Stricted) | |
| 4 | * @copyright 2013-2014 Jan Altensen (Stricted) | |
| 5 | * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php> | |
| 6 | */ | |
| 7 | class LDAPHash { | |
| 934f0434 S |
8 | /** |
| 9 | * compare given ldap hash with given password | |
| 10 | * | |
| 11 | * @param string $password | |
| 12 | * @param string $hash | |
| 13 | * @return boolean | |
| 14 | */ | |
| 15 | public function compare($password, $hash) { | |
| 16 | // replace hash method to lowercase | |
| 702bd31c S |
17 | $search = array("SSHA", "SHA256", "SHA384", "SHA512", "SSHA256", "SSHA384", "SSHA512", "MD5", "SMD5", "SHA", "CRYPT"); |
| 18 | $replace = array("ssha", "sha256", "sha384", "sha512", "ssha256", "ssha384", "ssha512", "md5", "smd5", "sha", "crypt"); | |
| 19 | $hash = str_replace($search, $replace, $hash); | |
| 20 | ||
| 934f0434 | 21 | $encrypted_password = ''; |
| 702bd31c | 22 | |
| 934f0434 S |
23 | // plain password |
| 24 | if ($password == $hash) { | |
| 25 | return true; | |
| 26 | } | |
| 702bd31c | 27 | |
| 934f0434 S |
28 | preg_match("/^{([a-z0-9]+)}([\s\S]+)/i", $hash, $method); |
| 29 | if (isset($method[1]) && !empty($method[1]) && isset($method[2]) && !empty($method[2])) { | |
| 30 | switch ($method[1]) { | |
| 31 | case "md5": | |
| 32 | $encrypted_password = '{md5}' . base64_encode(hash("md5", $password, true)); | |
| 33 | break; | |
| 702bd31c | 34 | |
| 934f0434 | 35 | case "smd5": |
| 702bd31c | 36 | $salt = substr(base64_decode($method[2]), 16); |
| 934f0434 S |
37 | $encrypted_password = '{smd5}' . base64_encode(hash("md5", $password.$salt, true).$salt); |
| 38 | break; | |
| 702bd31c | 39 | |
| 934f0434 S |
40 | case "sha": |
| 41 | $encrypted_password = '{sha}' . base64_encode(hash("sha1", $password, true)); | |
| 42 | break; | |
| 702bd31c | 43 | |
| 934f0434 | 44 | case "ssha": |
| 702bd31c | 45 | $salt = substr(base64_decode($method[2]), 20); |
| 934f0434 S |
46 | $encrypted_password = '{ssha}' . base64_encode(hash("sha1", $password.$salt, true).$salt); |
| 47 | break; | |
| 702bd31c | 48 | |
| 934f0434 S |
49 | case "sha256": |
| 50 | $encrypted_password = "{sha256}".base64_encode(hash("sha256", $password, true)); | |
| 51 | break; | |
| 702bd31c | 52 | |
| 934f0434 | 53 | case "ssha256": |
| 702bd31c | 54 | $salt = substr(base64_decode($method[2]), 32); |
| 934f0434 S |
55 | $encrypted_password = "{ssha256}".base64_encode(hash("sha256", $password.$salt, true).$salt); |
| 56 | break; | |
| 702bd31c | 57 | |
| 934f0434 S |
58 | case "sha384": |
| 59 | $encrypted_password = "{sha384}".base64_encode(hash("sha348", $password, true)); | |
| 60 | break; | |
| 702bd31c | 61 | |
| 934f0434 | 62 | case "ssha384": |
| 702bd31c | 63 | $salt = substr(base64_decode($method[2]), 48); |
| 934f0434 S |
64 | $encrypted_password = "{ssha384}".base64_encode(hash("sha384", $password.$salt, true).$salt); |
| 65 | break; | |
| 702bd31c | 66 | |
| 934f0434 S |
67 | case "sha512": |
| 68 | $encrypted_password = "{sha512}".base64_encode(hash("sha512", $password, true)); | |
| 69 | break; | |
| 702bd31c | 70 | |
| 934f0434 | 71 | case "ssha512": |
| 702bd31c | 72 | $salt = substr(base64_decode($method[2]), 64); |
| 934f0434 S |
73 | $encrypted_password = "{sha512}".base64_encode(hash("sha512", $password.$salt, true).$salt); |
| 74 | break; | |
| 702bd31c | 75 | |
| 934f0434 S |
76 | case "crypt": |
| 77 | $encrypted_password = "{crypt}".crypt($password, $method[2]); | |
| 78 | break; | |
| 702bd31c | 79 | |
| 934f0434 S |
80 | default: |
| 81 | die("Unsupported password hash format"); | |
| 82 | break; | |
| 83 | } | |
| 84 | } | |
| 702bd31c | 85 | |
| 934f0434 S |
86 | if ($hash == $encrypted_password) { |
| 87 | return true; | |
| 88 | } | |
| 89 | else { | |
| 90 | return false; | |
| 91 | } | |
| 92 | } | |
| 702bd31c | 93 | |
| 934f0434 S |
94 | /** |
| 95 | * return supported hash methods | |
| 96 | * | |
| 97 | * @return array | |
| 98 | */ | |
| 99 | public function supportedMethods () { | |
| 100 | return array("ssha", "sha256", "sha384", "sha512", "ssha256", "ssha384", "ssha512", "md5", "smd5", "sha", "crypt", "plain"); | |
| 101 | } | |
| 702bd31c | 102 | |
| 934f0434 S |
103 | /** |
| 104 | * hash given password with given hash method | |
| 105 | * | |
| 106 | * @param string $password | |
| 107 | * @param string $method | |
| 108 | * @return string | |
| 109 | */ | |
| 110 | public function hash($password, $method) { | |
| 111 | $salt = substr(sha1(time()), 0, 4); | |
| 112 | $method = strtolower($method); | |
| 113 | switch ($method) { | |
| 114 | case "ssha": | |
| 115 | $hash = base64_encode(hash("sha1", $password.$salt, true).$salt); | |
| 116 | break; | |
| 702bd31c | 117 | |
| 934f0434 S |
118 | case "sha256": |
| 119 | $hash = base64_encode(hash("sha256", $password, true)); | |
| 120 | break; | |
| 702bd31c | 121 | |
| 934f0434 S |
122 | case "sha384": |
| 123 | $hash = base64_encode(hash("sha384", $password, true)); | |
| 124 | break; | |
| 702bd31c | 125 | |
| 934f0434 S |
126 | case "sha512": |
| 127 | $hash = base64_encode(hash("sha512", $password, true)); | |
| 128 | break; | |
| 702bd31c | 129 | |
| 934f0434 S |
130 | case "ssha256": |
| 131 | $hash = base64_encode(hash("sha256", $password.$salt, true).$salt); | |
| 132 | break; | |
| 702bd31c | 133 | |
| 934f0434 S |
134 | case "ssha384": |
| 135 | $hash = base64_encode(hash("sha384", $password.$salt, true).$salt); | |
| 136 | break; | |
| 702bd31c | 137 | |
| 934f0434 S |
138 | case "ssha512": |
| 139 | $hash = base64_encode(hash("sha512", $password.$salt, true).$salt); | |
| 140 | break; | |
| 702bd31c | 141 | |
| 934f0434 S |
142 | case "md5": |
| 143 | $hash = base64_encode(hash("md5", $password, true)); | |
| 144 | break; | |
| 702bd31c | 145 | |
| 934f0434 S |
146 | case "smd5": |
| 147 | $hash = base64_encode(hash("md5", $password.$salt, true).$salt); | |
| 148 | break; | |
| 702bd31c | 149 | |
| 934f0434 S |
150 | case "sha": |
| 151 | $hash = base64_encode(hash("sha1", $password, true)); | |
| 152 | break; | |
| 702bd31c | 153 | |
| 934f0434 S |
154 | case "crypt": |
| 155 | $hash = crypt($password, $salt); | |
| 156 | break; | |
| 702bd31c | 157 | |
| 934f0434 S |
158 | case "plain": |
| 159 | $hash = $password; | |
| 160 | break; | |
| 702bd31c | 161 | |
| 934f0434 S |
162 | default : |
| 163 | die("Unsupported hash method"); | |
| 164 | break; | |
| 165 | } | |
| 702bd31c | 166 | |
| 934f0434 S |
167 | return ($method == "plain" ? "" : "{".$method."}").$hash; |
| 168 | } | |
| 169 | } | |
| 170 | ?> |