Commit | Line | Data |
---|---|---|
934f0434 S |
1 | <?php |
2 | /** | |
3 | * @author Jan Altensen (Stricted) | |
4 | * @copyright 2013-2014 Jan Altensen (Stricted) | |
5 | * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php> | |
6 | */ | |
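class LDAPHash {
    // Verifies and creates LDAP userPassword values of the form "{scheme}payload".
    //
    // Digest schemes store base64(digest) or, for the salted variants,
    // base64(digest . salt). "crypt" stores a crypt(3) string and "plain"
    // stores the password itself.
    //
    // Security notes for maintainers:
    //  - The digest schemes are single-pass hashes and the unsalted ones give
    //    equal hashes for equal passwords. They are kept for interoperability
    //    with existing directory entries, not as a recommendation.
    //  - Comparisons use hash_equals() and salts come from random_bytes() /
    //    random_int(), so this class needs PHP >= 7.0.

    /**
     * scheme name => array(hash() algorithm, raw digest length in bytes, salted)
     *
     * @var array
     */
    private static $digestSchemes = array(
        "md5"     => array("md5", 16, false),
        "smd5"    => array("md5", 16, true),
        "sha"     => array("sha1", 20, false),
        "ssha"    => array("sha1", 20, true),
        "sha256"  => array("sha256", 32, false),
        "ssha256" => array("sha256", 32, true),
        "sha384"  => array("sha384", 48, false),
        "ssha384" => array("sha384", 48, true),
        "sha512"  => array("sha512", 64, false),
        "ssha512" => array("sha512", 64, true),
    );

    /**
     * compare given ldap hash with given password
     *
     * The scheme name is matched case-insensitively; the payload is never
     * modified (base64 and crypt strings are case-sensitive). A stored value
     * without a {scheme} prefix is treated as a plain password. An empty
     * stored value never matches, and a value that carries a {scheme} prefix
     * is never accepted as the password itself.
     *
     * @param	string	$password	password supplied by the user
     * @param	string	$hash		stored value, e.g. "{SSHA}..." or a plain password
     * @return	boolean			true only when the password matches the stored value
     */
    public function compare($password, $hash) {
        $password = (string) $password;
        $hash = (string) $hash;

        // fail closed: an account without a stored credential must not authenticate
        if ($hash === '') {
            return false;
        }

        if (!preg_match('/^\{([a-z0-9]+)\}([\s\S]*)$/i', $hash, $parts)) {
            // no scheme prefix: plain password, compared in constant time
            return hash_equals($hash, $password);
        }

        // lowercase only the scheme name, never the payload
        $scheme = strtolower($parts[1]);
        $payload = $parts[2];

        if ($scheme === "crypt") {
            // the stored crypt string doubles as the salt/settings argument
            $computed = crypt($password, $payload);
            return is_string($computed) && hash_equals($payload, $computed);
        }

        if (!isset(self::$digestSchemes[$scheme])) {
            // NOTE(review): die() ends the whole request; kept because callers may rely on it
            die("Unsupported password hash format");
        }

        list($algorithm, $digestLength, $salted) = self::$digestSchemes[$scheme];

        $raw = base64_decode($payload, true);
        if ($raw === false || strlen($raw) < $digestLength) {
            // malformed or truncated payload can never match
            return false;
        }

        $digest = substr($raw, 0, $digestLength);
        // cast: substr() returns false instead of '' on PHP < 8 when nothing follows the digest
        $salt = (string) substr($raw, $digestLength);

        if (!$salted && $salt !== '') {
            // unsalted schemes must contain exactly one digest
            return false;
        }

        return hash_equals($digest, hash($algorithm, $password . $salt, true));
    }

    /**
     * return supported hash methods
     *
     * @return	array	lowercase method names accepted by hash()
     */
    public function supportedMethods () {
        return array("ssha", "sha256", "sha384", "sha512", "ssha256", "ssha384", "ssha512", "md5", "smd5", "sha", "crypt", "plain");
    }

    /**
     * hash given password with given hash method
     *
     * Salted schemes get a fresh 8 byte salt from random_bytes() on every
     * call, so two calls with the same password return different values.
     * "crypt" produces a traditional crypt(3) string with a random two
     * character salt; that format only uses the first eight characters of
     * the password. "plain" returns the password unchanged.
     *
     * @param	string	$password
     * @param	string	$method		one of supportedMethods(), case-insensitive
     * @return	string			"{method}payload", or the bare password for "plain"
     * @throws	Exception		when no source of randomness is available
     */
    public function hash($password, $method) {
        $password = (string) $password;
        $method = strtolower($method);

        if ($method === "plain") {
            return $password;
        }

        if ($method === "crypt") {
            // salt characters must come from the crypt(3) alphabet
            $alphabet = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
            $salt = $alphabet[random_int(0, 63)] . $alphabet[random_int(0, 63)];
            return "{crypt}" . crypt($password, $salt);
        }

        if (!isset(self::$digestSchemes[$method])) {
            // NOTE(review): die() ends the whole request; kept because callers may rely on it
            die("Unsupported hash method");
        }

        list($algorithm, , $salted) = self::$digestSchemes[$method];
        // the salt must be unpredictable and unique per password, never derived from the clock
        $salt = $salted ? random_bytes(8) : '';

        return "{" . $method . "}" . base64_encode(hash($algorithm, $password . $salt, true) . $salt);
    }
}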
170 | ?> |