Md5PasswordHash.php

Go to the documentation of this file.

<?php
declare(strict_types = 1);
namespace ‪TYPO3\CMS\Core\Crypto\PasswordHashing;
 
/*
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */
 
use ‪TYPO3\CMS\Core\Compatibility\PublicMethodDeprecationTrait;
use ‪TYPO3\CMS\Core\Crypto\Random;
use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
 
class ‪Md5PasswordHash implements ‪PasswordHashInterface
{
    use ‪PublicMethodDeprecationTrait;
 
    private ‪$deprecatedPublicMethods = [
        'isValidSalt' => 'Using Md5PasswordHash::isValidSalt() is deprecated and will not be possible anymore in TYPO3 v10.0.',
        'base64Encode' => 'Using Md5PasswordHash::base64Encode() is deprecated and will not be possible anymore in TYPO3 v10.0.',
    ];
 
    protected const ‪PREFIX = '$1$';
 
    const ‪ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
 
    public function ‪checkPassword(string $plainPW, string $saltedHashPW): bool
    {
        $isCorrect = false;
        if ($this->‪isValidSalt($saltedHashPW)) {
            $isCorrect = \password_verify($plainPW, $saltedHashPW);
        }
        return $isCorrect;
    }
 
    public function ‪isAvailable(): bool
    {
        return (bool)CRYPT_MD5;
    }
 
    public function ‪getHashedPassword(string $password, string $salt = null)
    {
        if ($salt !== null) {
            trigger_error(static::class . ': using a custom salt is deprecated.', E_USER_DEPRECATED);
        }
        $saltedPW = null;
        if (!empty($password)) {
            if (empty($salt) || !$this->‪isValidSalt($salt)) {
                $salt = $this->‪getGeneratedSalt();
            }
            $saltedPW = crypt($password, $this->‪applySettingsToSalt($salt));
        }
        return $saltedPW;
    }
 
    public function ‪isHashUpdateNeeded(string $passString): bool
    {
        return false;
    }
 
    public function ‪isValidSaltedPW(string $saltedPW): bool
    {
        $isValid = !strncmp(self::PREFIX, $saltedPW, strlen(self::PREFIX));
        if ($isValid) {
            $isValid = $this->‪isValidSalt($saltedPW);
        }
        return $isValid;
    }
 
    protected function ‪getGeneratedSalt(): string
    {
        $randomBytes = GeneralUtility::makeInstance(Random::class)->generateRandomBytes(6);
        return $this->‪base64Encode($randomBytes, 6);
    }
 
    protected function ‪applySettingsToSalt(string $salt): string
    {
        $saltWithSettings = $salt;
        $reqLenBase64 = $this->‪getLengthBase64FromBytes(6);
        // Salt without setting
        if (strlen($salt) == $reqLenBase64) {
            $saltWithSettings = self::PREFIX . $salt . '$';
        }
        return $saltWithSettings;
    }
 
    protected function ‪getItoa64(): string
    {
        return './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    }
 
    protected function ‪isValidSalt(string $salt): bool
    {
        $isValid = ($skip = false);
        $reqLenBase64 = $this->‪getLengthBase64FromBytes(6);
        if (strlen($salt) >= $reqLenBase64) {
            // Salt with prefixed setting
            if (!strncmp('$', $salt, 1)) {
                if (!strncmp(self::PREFIX, $salt, strlen(self::PREFIX))) {
                    $isValid = true;
                    $salt = substr($salt, strlen(self::PREFIX));
                } else {
                    $skip = true;
                }
            }
            // Checking base64 characters
            if (!$skip && strlen($salt) >= $reqLenBase64) {
                if (preg_match('/^[' . preg_quote($this->‪getItoa64(), '/') . ']{' . $reqLenBase64 . ',' . $reqLenBase64 . '}$/', substr($salt, 0, $reqLenBase64))) {
                    $isValid = true;
                }
            }
        }
        return $isValid;
    }
 
    protected function ‪base64Encode(string $input, int $count): string
    {
        ‪$output = '';
        $i = 0;
        $itoa64 = $this->‪getItoa64();
        do {
            $value = ord($input[$i++]);
            ‪$output .= $itoa64[$value & 63];
            if ($i < $count) {
                $value |= ord($input[$i]) << 8;
            }
            ‪$output .= $itoa64[$value >> 6 & 63];
            if ($i++ >= $count) {
                break;
            }
            if ($i < $count) {
                $value |= ord($input[$i]) << 16;
            }
            ‪$output .= $itoa64[$value >> 12 & 63];
            if ($i++ >= $count) {
                break;
            }
            ‪$output .= $itoa64[$value >> 18 & 63];
        } while ($i < $count);
        return ‪$output;
    }
 
    protected function ‪getLengthBase64FromBytes(int $byteLength): int
    {
        // Calculates bytes in bits in base64
        return (int)ceil($byteLength * 8 / 6);
    }
 
    public function ‪getSetting(): string
    {
        trigger_error('This method will be removed in TYPO3 v10.0.', E_USER_DEPRECATED);
        return ‪self::PREFIX;
    }
 
    public function ‪getSaltLength(): int
    {
        trigger_error('This method will be removed in TYPO3 v10.0.', E_USER_DEPRECATED);
        return 6;
    }
}