TYPO3 CMS  TYPO3_7-6
Md5Salt.php
Go to the documentation of this file.
1 <?php
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
24 class Md5Salt extends AbstractSalt implements SaltInterface
25 {
30  const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
31 
37  protected static $saltLengthMD5 = 6;
38 
44  protected static $saltSuffixMD5 = '$';
45 
51  protected static $settingMD5 = '$1$';
52 
59  protected function applySettingsToSalt($salt)
60  {
61  $saltWithSettings = $salt;
62  $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
63  // Salt without setting
64  if (strlen($salt) == $reqLenBase64) {
65  $saltWithSettings = $this->getSetting() . $salt . $this->getSaltSuffix();
66  }
67  return $saltWithSettings;
68  }
69 
78  public function checkPassword($plainPW, $saltedHashPW)
79  {
80  $isCorrect = false;
81  if ($this->isValidSalt($saltedHashPW)) {
82  $isCorrect = crypt($plainPW, $saltedHashPW) == $saltedHashPW;
83  }
84  return $isCorrect;
85  }
86 
98  protected function getGeneratedSalt()
99  {
101  return $this->base64Encode($randomBytes, $this->getSaltLength());
102  }
103 
111  public function getHashedPassword($password, $salt = null)
112  {
113  $saltedPW = null;
114  if (!empty($password)) {
115  if (empty($salt) || !$this->isValidSalt($salt)) {
116  $salt = $this->getGeneratedSalt();
117  }
118  $saltedPW = crypt($password, $this->applySettingsToSalt($salt));
119  }
120  return $saltedPW;
121  }
122 
128  protected function getItoa64()
129  {
130  return self::ITOA64;
131  }
132 
138  public function isAvailable()
139  {
140  return CRYPT_MD5;
141  }
142 
148  public function getSaltLength()
149  {
150  return self::$saltLengthMD5;
151  }
152 
158  protected function getSaltSuffix()
159  {
160  return self::$saltSuffixMD5;
161  }
162 
168  public function getSetting()
169  {
170  return self::$settingMD5;
171  }
172 
185  public function isHashUpdateNeeded($passString)
186  {
187  return false;
188  }
189 
196  public function isValidSalt($salt)
197  {
198  $isValid = ($skip = false);
199  $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
200  if (strlen($salt) >= $reqLenBase64) {
201  // Salt with prefixed setting
202  if (!strncmp('$', $salt, 1)) {
203  if (!strncmp($this->getSetting(), $salt, strlen($this->getSetting()))) {
204  $isValid = true;
205  $salt = substr($salt, strlen($this->getSetting()));
206  } else {
207  $skip = true;
208  }
209  }
210  // Checking base64 characters
211  if (!$skip && strlen($salt) >= $reqLenBase64) {
212  if (preg_match('/^[' . preg_quote($this->getItoa64(), '/') . ']{' . $reqLenBase64 . ',' . $reqLenBase64 . '}$/', substr($salt, 0, $reqLenBase64))) {
213  $isValid = true;
214  }
215  }
216  }
217  return $isValid;
218  }
219 
226  public function isValidSaltedPW($saltedPW)
227  {
228  $isValid = false;
229  $isValid = !strncmp($this->getSetting(), $saltedPW, strlen($this->getSetting()));
230  if ($isValid) {
231  $isValid = $this->isValidSalt($saltedPW);
232  }
233  return $isValid;
234  }
235 }
getHashedPassword($password, $salt=null)
Definition: Md5Salt.php:111
checkPassword($plainPW, $saltedHashPW)
Definition: Md5Salt.php:78
static generateRandomBytes($bytesToReturn)