TYPO3 CMS  TYPO3_6-2
Public Member Functions | Public Attributes | Protected Member Functions | Static Protected Attributes | List of all members
TYPO3\CMS\Saltedpasswords\Salt\Md5Salt Class Reference
Inheritance diagram for TYPO3\CMS\Saltedpasswords\Salt\Md5Salt:
TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt TYPO3\CMS\Saltedpasswords\Salt\SaltInterface tx_saltedpasswords_salts_md5 TYPO3\CMS\Saltedpasswords\Salt\BlowfishSalt tx_saltedpasswords_salts_blowfish

Public Member Functions

 checkPassword ($plainPW, $saltedHashPW)
 
 getHashedPassword ($password, $salt=NULL)
 
 isAvailable ()
 
 getSaltLength ()
 
 getSetting ()
 
 isHashUpdateNeeded ($passString)
 
 isValidSalt ($salt)
 
 isValidSaltedPW ($saltedPW)
 
- Public Member Functions inherited from TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt
 base64Encode ($input, $count)
 

Public Attributes

const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
 

Protected Member Functions

 applySettingsToSalt ($salt)
 
 getGeneratedSalt ()
 
 getItoa64 ()
 
 getSaltSuffix ()
 
- Protected Member Functions inherited from TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt
 applySettingsToSalt ($salt)
 
 getGeneratedSalt ()
 
 getItoa64 ()
 
 getSetting ()
 
 getLengthBase64FromBytes ($byteLength)
 

Static Protected Attributes

static $saltLengthMD5 = 6
 
static $saltSuffixMD5 = '$'
 
static $settingMD5 = '$1$'
 

Detailed Description

This file is part of the TYPO3 CMS project.

It is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License, either version 2 of the License, or any later version.

For the full copyright and license information, please read the LICENSE.txt file that was distributed with this source code.

The TYPO3 project - inspiring people to share! Class that implements MD5 salted hashing based on PHP's crypt() function.

MD5 salted hashing with PHP's crypt() should be available on most of the systems.

Author
Marcus Krause <marcus::exp2009.info>

Definition at line 26 of file Md5Salt.php.

Member Function Documentation

◆ applySettingsToSalt()

TYPO3\CMS\Saltedpasswords\Salt\Md5Salt::applySettingsToSalt (   $salt)
protected

Method applies settings (prefix, suffix) to a salt.

Parameters
string$saltA salt to apply setting to
Returns
string Salt with setting

Definition at line 60 of file Md5Salt.php.

References TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt\getLengthBase64FromBytes(), TYPO3\CMS\Saltedpasswords\Salt\Md5Salt\getSaltLength(), TYPO3\CMS\Saltedpasswords\Salt\Md5Salt\getSaltSuffix(), and TYPO3\CMS\Saltedpasswords\Salt\Md5Salt\getSetting().

Referenced by TYPO3\CMS\Saltedpasswords\Salt\Md5Salt\getHashedPassword().

◆ checkPassword()

TYPO3\CMS\Saltedpasswords\Salt\Md5Salt::checkPassword (   $plainPW,
  $saltedHashPW 
)

Method checks if a given plaintext password is correct by comparing it with a given salted hashed password.

Parameters
string$plainPWplain-text password to compare with salted hash
string$saltedHashPWsalted hash to compare plain-text password with
Returns
boolean TRUE, if plain-text password matches the salted hash, otherwise FALSE

Implements TYPO3\CMS\Saltedpasswords\Salt\SaltInterface.

Definition at line 78 of file Md5Salt.php.

References TYPO3\CMS\Saltedpasswords\Salt\Md5Salt\isValidSalt().

◆ getGeneratedSalt()

TYPO3\CMS\Saltedpasswords\Salt\Md5Salt::getGeneratedSalt ( )
protected

Generates a random base 64-encoded salt prefixed and suffixed with settings for the hash.

Proper use of salts may defeat a number of attacks, including:

  • The ability to try candidate passwords against multiple hashes at once.
  • The ability to use pre-hashed lists of candidate passwords.
  • The ability to determine whether two users have the same (or different) password without actually having to guess one of the passwords.
Returns
string A character string containing settings and a random salt

Definition at line 97 of file Md5Salt.php.

References TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt\base64Encode(), TYPO3\CMS\Core\Utility\GeneralUtility\generateRandomBytes(), and TYPO3\CMS\Saltedpasswords\Salt\Md5Salt\getSaltLength().

Referenced by TYPO3\CMS\Saltedpasswords\Salt\Md5Salt\getHashedPassword().

◆ getHashedPassword()

TYPO3\CMS\Saltedpasswords\Salt\Md5Salt::getHashedPassword (   $password,
  $salt = NULL 
)

Method creates a salted hash for a given plaintext password

Parameters
string$passwordplaintext password to create a salted hash from
string$saltOptional custom salt with setting to use
Returns
string Salted hashed password

Implements TYPO3\CMS\Saltedpasswords\Salt\SaltInterface.

Definition at line 109 of file Md5Salt.php.

References TYPO3\CMS\Saltedpasswords\Salt\Md5Salt\applySettingsToSalt(), TYPO3\CMS\Saltedpasswords\Salt\Md5Salt\getGeneratedSalt(), and TYPO3\CMS\Saltedpasswords\Salt\Md5Salt\isValidSalt().

◆ getItoa64()

TYPO3\CMS\Saltedpasswords\Salt\Md5Salt::getItoa64 ( )
protected

Returns a string for mapping an int to the corresponding base 64 character.

Returns
string String for mapping an int to the corresponding base 64 character

Definition at line 125 of file Md5Salt.php.

Referenced by TYPO3\CMS\Saltedpasswords\Salt\Md5Salt\isValidSalt(), and TYPO3\CMS\Saltedpasswords\Salt\BlowfishSalt\isValidSalt().

◆ getSaltLength()

TYPO3\CMS\Saltedpasswords\Salt\Md5Salt::getSaltLength ( )

Returns length of a MD5 salt in bytes.

Returns
integer Length of a MD5 salt in bytes

Implements TYPO3\CMS\Saltedpasswords\Salt\SaltInterface.

Definition at line 143 of file Md5Salt.php.

Referenced by TYPO3\CMS\Saltedpasswords\Salt\Md5Salt\applySettingsToSalt(), TYPO3\CMS\Saltedpasswords\Salt\Md5Salt\getGeneratedSalt(), and TYPO3\CMS\Saltedpasswords\Salt\Md5Salt\isValidSalt().

◆ getSaltSuffix()

TYPO3\CMS\Saltedpasswords\Salt\Md5Salt::getSaltSuffix ( )
protected

Returns suffix to be appended to a salt.

Returns
string Suffix of a salt

Definition at line 152 of file Md5Salt.php.

Referenced by TYPO3\CMS\Saltedpasswords\Salt\Md5Salt\applySettingsToSalt().

◆ getSetting()

TYPO3\CMS\Saltedpasswords\Salt\Md5Salt::getSetting ( )

Returns setting string of MD5 salted hashes.

Returns
string Setting string of MD5 salted hashes

Definition at line 161 of file Md5Salt.php.

Referenced by TYPO3\CMS\Saltedpasswords\Salt\Md5Salt\applySettingsToSalt(), TYPO3\CMS\Saltedpasswords\Salt\Md5Salt\isValidSalt(), and TYPO3\CMS\Saltedpasswords\Salt\Md5Salt\isValidSaltedPW().

◆ isAvailable()

TYPO3\CMS\Saltedpasswords\Salt\Md5Salt::isAvailable ( )

Returns whether all prerequisites for the hashing methods are matched

Returns
boolean Method available

Implements TYPO3\CMS\Saltedpasswords\Salt\SaltInterface.

Definition at line 134 of file Md5Salt.php.

◆ isHashUpdateNeeded()

TYPO3\CMS\Saltedpasswords\Salt\Md5Salt::isHashUpdateNeeded (   $passString)

Checks whether a user's hashed password needs to be replaced with a new hash.

This is typically called during the login process when the plain text password is available. A new hash is needed when the desired iteration count has changed through a change in the variable $hashCount or HASH_COUNT or if the user's password hash was generated in an bulk update with class ext_update.

Parameters
string$passStringSalted hash to check if it needs an update
Returns
boolean TRUE if salted hash needs an update, otherwise FALSE

Implements TYPO3\CMS\Saltedpasswords\Salt\SaltInterface.

Definition at line 177 of file Md5Salt.php.

◆ isValidSalt()

TYPO3\CMS\Saltedpasswords\Salt\Md5Salt::isValidSalt (   $salt)

Method determines if a given string is a valid salt

Parameters
string$saltString to check
Returns
boolean TRUE if it's valid salt, otherwise FALSE

Implements TYPO3\CMS\Saltedpasswords\Salt\SaltInterface.

Definition at line 187 of file Md5Salt.php.

References TYPO3\CMS\Saltedpasswords\Salt\Md5Salt\getItoa64(), TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt\getLengthBase64FromBytes(), TYPO3\CMS\Saltedpasswords\Salt\Md5Salt\getSaltLength(), and TYPO3\CMS\Saltedpasswords\Salt\Md5Salt\getSetting().

Referenced by TYPO3\CMS\Saltedpasswords\Salt\Md5Salt\checkPassword(), TYPO3\CMS\Saltedpasswords\Salt\Md5Salt\getHashedPassword(), and TYPO3\CMS\Saltedpasswords\Salt\Md5Salt\isValidSaltedPW().

◆ isValidSaltedPW()

TYPO3\CMS\Saltedpasswords\Salt\Md5Salt::isValidSaltedPW (   $saltedPW)

Method determines if a given string is a valid salted hashed password.

Parameters
string$saltedPWString to check
Returns
boolean TRUE if it's valid salted hashed password, otherwise FALSE

Implements TYPO3\CMS\Saltedpasswords\Salt\SaltInterface.

Definition at line 216 of file Md5Salt.php.

References TYPO3\CMS\Saltedpasswords\Salt\Md5Salt\getSetting(), and TYPO3\CMS\Saltedpasswords\Salt\Md5Salt\isValidSalt().

Member Data Documentation

◆ $saltLengthMD5

TYPO3\CMS\Saltedpasswords\Salt\Md5Salt::$saltLengthMD5 = 6
staticprotected

Definition at line 38 of file Md5Salt.php.

◆ $saltSuffixMD5

TYPO3\CMS\Saltedpasswords\Salt\Md5Salt::$saltSuffixMD5 = '$'
staticprotected

Definition at line 45 of file Md5Salt.php.

◆ $settingMD5

TYPO3\CMS\Saltedpasswords\Salt\Md5Salt::$settingMD5 = '$1$'
staticprotected

Definition at line 52 of file Md5Salt.php.

◆ ITOA64

const TYPO3\CMS\Saltedpasswords\Salt\Md5Salt::ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'

Keeps a string for mapping an int to the corresponding base 64 character.

Definition at line 32 of file Md5Salt.php.