‪TYPO3CMS  9.5
Public Member Functions | Public Attributes | Protected Member Functions | Protected Attributes | Private Attributes | List of all members
TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash Class Reference
Inheritance diagram for TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash:
TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface TYPO3\CMS\Saltedpasswords\Salt\Md5Salt

Public Member Functions

bool checkPassword (string $plainPW, string $saltedHashPW)
 
bool isAvailable ()
 
string getHashedPassword (string $password, string $salt=null)
 
bool isHashUpdateNeeded (string $passString)
 
bool isValidSaltedPW (string $saltedPW)
 
string getSetting ()
 
int getSaltLength ()
 
- ‪Public Member Functions inherited from ‪TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface
string getHashedPassword (string $password)
 

Public Attributes

const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
 

Protected Member Functions

string getGeneratedSalt ()
 
string applySettingsToSalt (string $salt)
 
string getItoa64 ()
 
bool isValidSalt (string $salt)
 
string base64Encode (string $input, int $count)
 
int getLengthBase64FromBytes (int $byteLength)
 

Protected Attributes

const PREFIX = '$1$'
 

Private Attributes

array $deprecatedPublicMethods
 

Detailed Description

Class that implements MD5 salted hashing based on PHP's crypt() function.

MD5 salted hashing with PHP's crypt() should be available on most of the systems.

Definition at line 29 of file Md5PasswordHash.php.

Member Function Documentation

◆ applySettingsToSalt()

string TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash::applySettingsToSalt ( string  $salt)
protected

Method applies settings (prefix, suffix) to a salt.

Parameters
string$salt‪A salt to apply setting to
Returns
‪string Salt with setting

Definition at line 155 of file Md5PasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\getLengthBase64FromBytes().

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\getHashedPassword().

◆ base64Encode()

string TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash::base64Encode ( string  $input,
int  $count 
)
protected

Encodes bytes into printable base 64 using the *nix standard from crypt().

Parameters
string$input‪The string containing bytes to encode.
int$count‪The number of characters (bytes) to encode.
Returns
‪string Encoded string

Definition at line 213 of file Md5PasswordHash.php.

References $output, and TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\getItoa64().

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\getGeneratedSalt().

◆ checkPassword()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash::checkPassword ( string  $plainPW,
string  $saltedHashPW 
)

Method checks if a given plaintext password is correct by comparing it with a given salted hashed password.

Parameters
string$plainPW‪plain-text password to compare with salted hash
string$saltedHashPW‪salted hash to compare plain-text password with
Returns
‪bool TRUE, if plain-text password matches the salted hash, otherwise FALSE

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 61 of file Md5PasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\isValidSalt().

◆ getGeneratedSalt()

string TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash::getGeneratedSalt ( )
protected

Generates a random base 64-encoded salt prefixed and suffixed with settings for the hash.

Proper use of salts may defeat a number of attacks, including:

  • ‪The ability to try candidate passwords against multiple hashes at once.
  • ‪The ability to use pre-hashed lists of candidate passwords.
  • ‪The ability to determine whether two users have the same (or different) password without actually having to guess one of the passwords.
Returns
‪string A character string containing settings and a random salt

Definition at line 143 of file Md5PasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\base64Encode().

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\getHashedPassword().

◆ getHashedPassword()

string TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash::getHashedPassword ( string  $password,
string  $salt = null 
)

Method creates a salted hash for a given plaintext password

Parameters
string$password‪plaintext password to create a salted hash from
string$salt‪Deprecated optional custom salt with setting to use
Returns
‪string Salted hashed password

Definition at line 87 of file Md5PasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\applySettingsToSalt(), TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\getGeneratedSalt(), and TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\isValidSalt().

◆ getItoa64()

string TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash::getItoa64 ( )
protected

Returns a string for mapping an int to the corresponding base 64 character.

Returns
‪string String for mapping an int to the corresponding base 64 character

Definition at line 171 of file Md5PasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\base64Encode(), and TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\isValidSalt().

◆ getLengthBase64FromBytes()

int TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash::getLengthBase64FromBytes ( int  $byteLength)
protected

Method determines required length of base64 characters for a given length of a byte string.

Parameters
int$byteLength‪Length of bytes to calculate in base64 chars
Returns
‪int Required length of base64 characters

Definition at line 247 of file Md5PasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\applySettingsToSalt(), and TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\isValidSalt().

◆ getSaltLength()

int TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash::getSaltLength ( )

Returns length of a MD5 salt in bytes.

Returns
‪int Length of a MD5 salt in bytes
Deprecated:
‪and will be removed in TYPO3 v10.0.

Definition at line 271 of file Md5PasswordHash.php.

◆ getSetting()

string TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash::getSetting ( )

Returns setting string of MD5 salted hashes.

Returns
‪string Setting string of MD5 salted hashes
Deprecated:
‪and will be removed in TYPO3 v10.0.

Definition at line 259 of file Md5PasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\PREFIX.

◆ isAvailable()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash::isAvailable ( )

Returns whether all prerequisites for the hashing methods are matched

Returns
‪bool Method available

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 75 of file Md5PasswordHash.php.

◆ isHashUpdateNeeded()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash::isHashUpdateNeeded ( string  $passString)

Checks whether a user's hashed password needs to be replaced with a new hash.

This is typically called during the login process when the plain text password is available. A new hash is needed when the desired iteration count has changed through a change in the variable $hashCount or HASH_COUNT.

Parameters
string$passString‪Salted hash to check if it needs an update
Returns
‪bool TRUE if salted hash needs an update, otherwise FALSE

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 112 of file Md5PasswordHash.php.

◆ isValidSalt()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash::isValidSalt ( string  $salt)
protected

Method determines if a given string is a valid salt

Parameters
string$salt‪String to check
Returns
‪bool TRUE if it's valid salt, otherwise FALSE

Definition at line 182 of file Md5PasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\getItoa64(), and TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\getLengthBase64FromBytes().

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\checkPassword(), TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\getHashedPassword(), and TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\isValidSaltedPW().

◆ isValidSaltedPW()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash::isValidSaltedPW ( string  $saltedPW)

Method determines if a given string is a valid salted hashed password.

Parameters
string$saltedPW‪String to check
Returns
‪bool TRUE if it's valid salted hashed password, otherwise FALSE

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 123 of file Md5PasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\isValidSalt().

Member Data Documentation

◆ $deprecatedPublicMethods

array TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash::$deprecatedPublicMethods
private
Initial value:
= array(
'isValidSalt' => 'Using Md5PasswordHash::isValidSalt() is deprecated and will not be possible anymore in TYPO3 v10.0.',
'base64Encode' => 'Using Md5PasswordHash::base64Encode() is deprecated and will not be possible anymore in TYPO3 v10.0.',
)

Definition at line 35 of file Md5PasswordHash.php.

◆ ITOA64

const TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash::ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'

Keeps a string for mapping an int to the corresponding base 64 character.

Deprecated:
‪and will be removed in TYPO3 v10.0.

Definition at line 51 of file Md5PasswordHash.php.

◆ PREFIX

const TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash::PREFIX = '$1$'
protected

Prefix for the password hash.

Definition at line 43 of file Md5PasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\getSetting().