Drupal 7 hash - fixes
This commit is contained in:
Marcin Łojewski
@@ -21,54 +21,34 @@
|
||||
|
||||
namespace OCA\UserSQL\Crypto;
|
||||
|
||||
use OCP\IL10N;
|
||||
|
||||
require_once "Phpass.php";
|
||||
|
||||
/**
|
||||
* Drupal 7 overrides of phpass hash implementation.
|
||||
*
|
||||
* @author BrandonKerr
|
||||
* @author Marcin Łojewski <dev@mlojewski.me>
|
||||
*/
|
||||
class Drupal7 extends Phpass
|
||||
{
|
||||
|
||||
/**
|
||||
* The expected (and maximum) number of characters in a hashed password.
|
||||
*/
|
||||
const DRUPAL_HASH_LENGTH = 55;
|
||||
/**
|
||||
* The expected (and maximum) number of characters in a hashed password.
|
||||
*/
|
||||
const DRUPAL_HASH_LENGTH = 55;
|
||||
|
||||
/**
|
||||
* @param string $password Password to encrypt.
|
||||
* @param string $setting Hash settings.
|
||||
*
|
||||
* @return string|null Generated hash. Null on invalid settings.
|
||||
* @inheritdoc
|
||||
*/
|
||||
private function crypt($password, $setting)
|
||||
protected function crypt($password, $setting)
|
||||
{
|
||||
$countLog2 = strpos(self::ITOA64, $setting[3]);
|
||||
if ($countLog2 < 7 || $countLog2 > 30) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$count = 1 << $countLog2;
|
||||
|
||||
$salt = substr($setting, 4, 8);
|
||||
if (strlen($salt) !== 8) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$hash = hash('sha512', $salt . $password, true);
|
||||
do {
|
||||
$hash = hash('sha512', $hash . $password, true);
|
||||
} while (--$count);
|
||||
|
||||
$output = substr($setting, 0, 12);
|
||||
$output .= $this->encode64($hash, strlen($hash));
|
||||
|
||||
return substr($output, 0, self::DRUPAL_HASH_LENGTH);
|
||||
return substr(parent::crypt($password, $setting), 0, self::DRUPAL_HASH_LENGTH);
|
||||
}
|
||||
|
||||
/**
|
||||
* @inheritdoc
|
||||
*/
|
||||
protected function hash($input)
|
||||
{
|
||||
return hash('sha512', $input, true);
|
||||
}
|
||||
|
||||
/**
|
||||
* @inheritdoc
|
||||
|
||||
@@ -61,7 +61,7 @@ class Phpass extends AbstractAlgorithm
|
||||
*
|
||||
* @return string|null Generated hash. Null on invalid settings.
|
||||
*/
|
||||
private function crypt($password, $setting)
|
||||
protected function crypt($password, $setting)
|
||||
{
|
||||
$countLog2 = strpos(self::ITOA64, $setting[3]);
|
||||
if ($countLog2 < 7 || $countLog2 > 30) {
|
||||
@@ -75,17 +75,29 @@ class Phpass extends AbstractAlgorithm
|
||||
return null;
|
||||
}
|
||||
|
||||
$hash = md5($salt . $password, true);
|
||||
$hash = $this->hash($salt . $password);
|
||||
do {
|
||||
$hash = md5($hash . $password, true);
|
||||
$hash = $this->hash($hash . $password);
|
||||
} while (--$count);
|
||||
|
||||
$output = substr($setting, 0, 12);
|
||||
$output .= $this->encode64($hash, 16);
|
||||
$output .= $this->encode64($hash, strlen($hash));
|
||||
|
||||
return $output;
|
||||
}
|
||||
|
||||
/**
|
||||
* Apply hash function to input.
|
||||
*
|
||||
* @param string $input Input string.
|
||||
*
|
||||
* @return string Hashed input.
|
||||
*/
|
||||
protected function hash($input)
|
||||
{
|
||||
return md5($input, true);
|
||||
}
|
||||
|
||||
/**
|
||||
* Encode binary input to base64 string.
|
||||
*
|
||||
|
||||
Reference in New Issue
Block a user