Additional password crypt types for ldap:

- MD5_CRYPT (9 char salt prefixed with $1$)
- BLOWFISH_CRYPT (16 char salt prefixed with $2$)
- EXT_CRYPT (9 char salt, no prefix)
This commit is contained in:
Ralf Becker 2008-05-31 06:25:04 +00:00
parent 45f895d048
commit a5a7c2d30e
2 changed files with 61 additions and 40 deletions

View File

@ -146,6 +146,33 @@ class auth extends auth_
$_password = crypt($password, $salt);
$e_password = '{crypt}'.$_password;
break;
case 'blowfish_crypt':
if(@defined('CRYPT_BLOWFISH') && CRYPT_BLOWFISH == 1)
{
$salt = '$2$' . self::randomstring(13);
$e_password = '{crypt}'.crypt($password,$salt);
break;
}
self::$error = 'no blowfish crypt';
break;
case 'md5_crypt':
if(@defined('CRYPT_MD5') && CRYPT_MD5 == 1)
{
$salt = '$1$' . self::randomstring(9);
$e_password = '{crypt}'.crypt($password,$salt);
break;
}
self::$error = 'no md5 crypt';
break;
case 'ext_crypt':
if(@defined('CRYPT_EXT_DES') && CRYPT_EXT_DES == 1)
{
$salt = self::randomstring(9);
$e_password = '{crypt}'.crypt($password,$salt);
break;
}
self::$error = 'no ext crypt';
break;
case 'md5':
/* New method taken from the openldap-software list as recommended by
* Kervin L. Pierre" <kervin@blueprint-tech.com>
@ -356,11 +383,7 @@ class auth extends auth_
$new_hash = mhash(MHASH_MD5,$form_val . $salt);
//echo '<br> DB: ' . base64_encode($orig_hash) . '<br>FORM: ' . base64_encode($new_hash);
if(strcmp($orig_hash,$new_hash) == 0)
{
return True;
}
return False;
return strcmp($orig_hash,$new_hash) == 0;
}
/**
@ -377,11 +400,7 @@ class auth extends auth_
$new_hash = mhash(MHASH_SHA1,$form_val);
//echo '<br> DB: ' . base64_encode($orig_hash) . '<br>FORM: ' . base64_encode($new_hash);
if(strcmp($hash,$new_hash) == 0)
{
return True;
}
return False;
return strcmp($hash,$new_hash) == 0;
}
/**
@ -401,11 +420,7 @@ class auth extends auth_
$salt = substr($hash, 20);
$new_hash = mhash(MHASH_SHA1, $form_val . $salt);
if(strcmp($orig_hash,$new_hash) == 0)
{
return True;
}
return False;
return strcmp($orig_hash,$new_hash) == 0;
}
/**
@ -430,11 +445,7 @@ class auth extends auth_
$salt = substr($db_val, 0, (int)$saltlen[$type]);
$new_hash = crypt($form_val, $salt);
if(strcmp($db_val,$new_hash) == 0)
{
return True;
}
return False;
return strcmp($db_val,$new_hash) == 0;
}
/**
@ -449,10 +460,7 @@ class auth extends auth_
{
$key = str_pad(strlen($key) <= 64 ? $key : pack('H*', md5($key)), 64, chr(0x00));
$md5_hmac = md5(($key ^ str_repeat(chr(0x5c), 64)) . pack('H*', md5(($key ^ str_repeat(chr(0x36), 64)). $form_val)));
if(strcmp($md5_hmac,$db_val) == 0)
{
return True;
}
return False;
return strcmp($md5_hmac,$db_val) == 0;
}
}

View File

@ -121,6 +121,19 @@
$hashes += array(
'plain' => 'plain',
);
/* Check for available crypt methods based on what is defined by php */
if(@defined('CRYPT_BLOWFISH') && CRYPT_BLOWFISH == 1)
{
$hashes['blowish_crypt'] = 'blowish_crypt';
}
if(@defined('CRYPT_MD5') && CRYPT_MD5 == 1)
{
$hashes['md5_crypt'] = 'md5_crypt';
}
if(@defined('CRYPT_EXT_DES') && CRYPT_EXT_DES == 1)
{
$hashes['ext_crypt'] = 'ext_crypt';
}
while(list($key, $value) = each($hashes))
{