Handle salt in Crypto classes
This commit is contained in:
Marcin Łojewski
@@ -65,13 +65,13 @@ abstract class AbstractAlgorithm implements IPasswordAlgorithm
|
|||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public function checkPassword($password, $dbHash)
|
public function checkPassword($password, $dbHash, $salt = null)
|
||||||
{
|
{
|
||||||
return hash_equals($dbHash, $this->getPasswordHash($password));
|
return hash_equals($dbHash, $this->getPasswordHash($password, $salt));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public abstract function getPasswordHash($password);
|
public abstract function getPasswordHash($password, $salt = null);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -38,7 +38,7 @@ abstract class AbstractCrypt extends AbstractAlgorithm
|
|||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public function checkPassword($password, $dbHash)
|
public function checkPassword($password, $dbHash, $salt = null)
|
||||||
{
|
{
|
||||||
return hash_equals($dbHash, crypt($password, $dbHash));
|
return hash_equals($dbHash, crypt($password, $dbHash));
|
||||||
}
|
}
|
||||||
@@ -46,7 +46,7 @@ abstract class AbstractCrypt extends AbstractAlgorithm
|
|||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public function getPasswordHash($password)
|
public function getPasswordHash($password, $salt = null)
|
||||||
{
|
{
|
||||||
return crypt($password, $this->getSalt());
|
return crypt($password, $this->getSalt());
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -43,7 +43,7 @@ class Cleartext extends AbstractAlgorithm
|
|||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public function getPasswordHash($password)
|
public function getPasswordHash($password, $salt = null)
|
||||||
{
|
{
|
||||||
return $password;
|
return $password;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -43,7 +43,7 @@ class CourierMD5 extends AbstractAlgorithm
|
|||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public function getPasswordHash($password)
|
public function getPasswordHash($password, $salt = null)
|
||||||
{
|
{
|
||||||
return '{MD5}' . Utils::hexToBase64(md5($password));
|
return '{MD5}' . Utils::hexToBase64(md5($password));
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -43,7 +43,7 @@ class CourierMD5Raw extends AbstractAlgorithm
|
|||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public function getPasswordHash($password)
|
public function getPasswordHash($password, $salt = null)
|
||||||
{
|
{
|
||||||
return '{MD5RAW}' . md5($password);
|
return '{MD5RAW}' . md5($password);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -43,7 +43,7 @@ class CourierSHA1 extends AbstractAlgorithm
|
|||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public function getPasswordHash($password)
|
public function getPasswordHash($password, $salt = null)
|
||||||
{
|
{
|
||||||
return '{SHA}' . Utils::hexToBase64(sha1($password));
|
return '{SHA}' . Utils::hexToBase64(sha1($password));
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -43,7 +43,7 @@ class CourierSHA256 extends AbstractAlgorithm
|
|||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public function getPasswordHash($password)
|
public function getPasswordHash($password, $salt = null)
|
||||||
{
|
{
|
||||||
return '{SHA256}' . Utils::hexToBase64(hash('sha256', $password));
|
return '{SHA256}' . Utils::hexToBase64(hash('sha256', $password));
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -44,7 +44,7 @@ class Crypt extends AbstractCrypt
|
|||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public function getPasswordHash($password)
|
public function getPasswordHash($password, $salt = null)
|
||||||
{
|
{
|
||||||
return password_hash($password, PASSWORD_DEFAULT);
|
return password_hash($password, PASSWORD_DEFAULT);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -81,7 +81,7 @@ class CryptArgon2 extends AbstractAlgorithm
|
|||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public function checkPassword($password, $dbHash)
|
public function checkPassword($password, $dbHash, $salt = null)
|
||||||
{
|
{
|
||||||
return password_verify($password, $dbHash);
|
return password_verify($password, $dbHash);
|
||||||
}
|
}
|
||||||
@@ -89,7 +89,7 @@ class CryptArgon2 extends AbstractAlgorithm
|
|||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public function getPasswordHash($password)
|
public function getPasswordHash($password, $salt = null)
|
||||||
{
|
{
|
||||||
return password_hash(
|
return password_hash(
|
||||||
$password, PASSWORD_ARGON2I, [
|
$password, PASSWORD_ARGON2I, [
|
||||||
|
|||||||
@@ -52,7 +52,7 @@ class CryptBlowfish extends AbstractAlgorithm
|
|||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public function checkPassword($password, $dbHash)
|
public function checkPassword($password, $dbHash, $salt = null)
|
||||||
{
|
{
|
||||||
return password_verify($password, $dbHash);
|
return password_verify($password, $dbHash);
|
||||||
}
|
}
|
||||||
@@ -60,7 +60,7 @@ class CryptBlowfish extends AbstractAlgorithm
|
|||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public function getPasswordHash($password)
|
public function getPasswordHash($password, $salt = null)
|
||||||
{
|
{
|
||||||
return password_hash(
|
return password_hash(
|
||||||
$password, PASSWORD_BCRYPT, ["cost" => $this->cost]
|
$password, PASSWORD_BCRYPT, ["cost" => $this->cost]
|
||||||
|
|||||||
@@ -42,18 +42,20 @@ interface IPasswordAlgorithm
|
|||||||
* This value is stored in the database, when the password is changed.
|
* This value is stored in the database, when the password is changed.
|
||||||
*
|
*
|
||||||
* @param String $password The new password.
|
* @param String $password The new password.
|
||||||
|
* @param String $salt Optional. Salt value.
|
||||||
*
|
*
|
||||||
* @return boolean True if the password was hashed successfully, false otherwise.
|
* @return boolean True if the password was hashed successfully, false otherwise.
|
||||||
*/
|
*/
|
||||||
public function getPasswordHash($password);
|
public function getPasswordHash($password, $salt = null);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check password given by the user against hash stored in the database.
|
* Check password given by the user against hash stored in the database.
|
||||||
*
|
*
|
||||||
* @param String $password Password given by the user.
|
* @param String $password Password given by the user.
|
||||||
* @param String $dbHash Password hash stored in the database.
|
* @param String $dbHash Password hash stored in the database.
|
||||||
|
* @param String $salt Optional. Salt value.
|
||||||
*
|
*
|
||||||
* @return boolean True if the password is correct, false otherwise.
|
* @return boolean True if the password is correct, false otherwise.
|
||||||
*/
|
*/
|
||||||
public function checkPassword($password, $dbHash);
|
public function checkPassword($password, $dbHash, $salt = null);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -43,7 +43,7 @@ class Joomla extends AbstractAlgorithm
|
|||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public function getPasswordHash($password)
|
public function getPasswordHash($password, $salt = null)
|
||||||
{
|
{
|
||||||
$salt = Utils::randomString(
|
$salt = Utils::randomString(
|
||||||
32, "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
|
32, "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
|
||||||
@@ -55,7 +55,7 @@ class Joomla extends AbstractAlgorithm
|
|||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public function checkPassword($password, $dbHash)
|
public function checkPassword($password, $dbHash, $salt = null)
|
||||||
{
|
{
|
||||||
return hash_equals($dbHash, self::generateHash($password, $dbHash));
|
return hash_equals($dbHash, self::generateHash($password, $dbHash));
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -43,7 +43,7 @@ class MD5 extends AbstractAlgorithm
|
|||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public function getPasswordHash($password)
|
public function getPasswordHash($password, $salt = null)
|
||||||
{
|
{
|
||||||
return md5($password);
|
return md5($password);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -50,7 +50,7 @@ class Phpass extends AbstractAlgorithm
|
|||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public function checkPassword($password, $dbHash)
|
public function checkPassword($password, $dbHash, $salt = null)
|
||||||
{
|
{
|
||||||
return hash_equals($dbHash, $this->crypt($password, $dbHash));
|
return hash_equals($dbHash, $this->crypt($password, $dbHash));
|
||||||
}
|
}
|
||||||
@@ -136,7 +136,7 @@ class Phpass extends AbstractAlgorithm
|
|||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public function getPasswordHash($password)
|
public function getPasswordHash($password, $salt = null)
|
||||||
{
|
{
|
||||||
return $this->crypt($password, $this->genSalt());
|
return $this->crypt($password, $this->genSalt());
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -43,7 +43,7 @@ class SHA1 extends AbstractAlgorithm
|
|||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public function getPasswordHash($password)
|
public function getPasswordHash($password, $salt = null)
|
||||||
{
|
{
|
||||||
return sha1($password);
|
return sha1($password);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -43,7 +43,7 @@ class SHA256 extends AbstractAlgorithm
|
|||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public function getPasswordHash($password)
|
public function getPasswordHash($password, $salt = null)
|
||||||
{
|
{
|
||||||
return hash('sha256', $password);
|
return hash('sha256', $password);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -43,7 +43,7 @@ class SHA512 extends AbstractAlgorithm
|
|||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public function getPasswordHash($password)
|
public function getPasswordHash($password, $salt = null)
|
||||||
{
|
{
|
||||||
return hash('sha512', $password);
|
return hash('sha512', $password);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -43,7 +43,7 @@ class SHA512Whirlpool extends AbstractAlgorithm
|
|||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public function getPasswordHash($password)
|
public function getPasswordHash($password, $salt = null)
|
||||||
{
|
{
|
||||||
return hash('sha512', hash('whirlpool', $password));
|
return hash('sha512', hash('whirlpool', $password));
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -43,7 +43,7 @@ abstract class SSHA extends AbstractAlgorithm
|
|||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public function checkPassword($password, $dbHash)
|
public function checkPassword($password, $dbHash, $salt = null)
|
||||||
{
|
{
|
||||||
$saltedPassword = base64_decode(
|
$saltedPassword = base64_decode(
|
||||||
preg_replace("/" . $this->getPrefix() . "/i", "", $dbHash)
|
preg_replace("/" . $this->getPrefix() . "/i", "", $dbHash)
|
||||||
@@ -94,7 +94,7 @@ abstract class SSHA extends AbstractAlgorithm
|
|||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public function getPasswordHash($password)
|
public function getPasswordHash($password, $salt = null)
|
||||||
{
|
{
|
||||||
return self::ssha(
|
return self::ssha(
|
||||||
$password, Utils::randomString(
|
$password, Utils::randomString(
|
||||||
|
|||||||
@@ -31,7 +31,7 @@ class WCF2 extends AbstractCrypt
|
|||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public function checkPassword($password, $dbHash)
|
public function checkPassword($password, $dbHash, $salt = null)
|
||||||
{
|
{
|
||||||
return hash_equals($dbHash, crypt(crypt($password, $dbHash), $dbHash));
|
return hash_equals($dbHash, crypt(crypt($password, $dbHash), $dbHash));
|
||||||
}
|
}
|
||||||
@@ -39,7 +39,7 @@ class WCF2 extends AbstractCrypt
|
|||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public function getPasswordHash($password)
|
public function getPasswordHash($password, $salt = null)
|
||||||
{
|
{
|
||||||
$salt = $this->getSalt();
|
$salt = $this->getSalt();
|
||||||
return crypt(crypt($password, $salt), $salt);
|
return crypt(crypt($password, $salt), $salt);
|
||||||
|
|||||||
@@ -43,7 +43,7 @@ class Whirlpool extends AbstractAlgorithm
|
|||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public function getPasswordHash($password)
|
public function getPasswordHash($password, $salt = null)
|
||||||
{
|
{
|
||||||
return hash('whirlpool', $password);
|
return hash('whirlpool', $password);
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user