TYPO3 CMS  TYPO3_8-7
Md5Salt.php
1 <?php
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
19 
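/**
 * Salted password hashing built on PHP's crypt() with the MD5-crypt scheme
 * (hash strings carrying the "$1$" marker).
 *
 * Security notes:
 *  - MD5-crypt has no tunable cost parameter, so it is a poor choice for newly
 *    created password hashes.
 *  - isHashUpdateNeeded() always returns false, so nothing in this class flags
 *    an existing hash for re-hashing.
 *  - crypt() and password_verify() select the algorithm from the salt/hash
 *    string itself. Every path in this class that reaches them pins the "$1$"
 *    marker first, so a string without that marker cannot select another
 *    crypt scheme.
 */
class Md5Salt extends AbstractSalt implements SaltInterface
{
    /**
     * Alphabet accepted for salt characters (checked in isValidSalt()).
     */
    const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

    /**
     * Number of random bytes drawn for a generated salt.
     *
     * @var int
     */
    protected static $saltLengthMD5 = 6;

    /**
     * Delimiter appended after the salt characters.
     *
     * @var string
     */
    protected static $saltSuffixMD5 = '$';

    /**
     * Scheme marker placed in front of the salt; "$1$" selects MD5-crypt in crypt().
     *
     * @var string
     */
    protected static $settingMD5 = '$1$';

    /**
     * Turns a salt into the full setting string expected by crypt().
     *
     * A salt that already starts with the scheme marker is returned unchanged.
     * Any other salt is cut to the required encoded length and wrapped in
     * marker and suffix. Unprefixed salts of a different length used to be
     * passed through verbatim, which let crypt() pick a scheme other than
     * MD5-crypt based on the raw salt text.
     *
     * @param string $salt Raw salt, or a string already carrying the marker
     * @return string Setting string that always starts with the scheme marker
     */
    protected function applySettingsToSalt($salt)
    {
        $setting = $this->getSetting();
        if (strncmp($setting, $salt, strlen($setting)) === 0) {
            return $salt;
        }
        // Inherited helper, not visible here; presumably the encoded length of the salt bytes.
        $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
        return $setting . (string)substr($salt, 0, $reqLenBase64) . $this->getSaltSuffix();
    }

    /**
     * Checks a plain-text password against a stored MD5-crypt hash.
     *
     * The stored value must carry the "$1$" marker. password_verify() accepts
     * any crypt()-style hash, so without this gate an unprefixed stored value
     * would be verified under whatever scheme crypt() infers from it.
     *
     * @param string $plainPW Plain-text password to check
     * @param string $saltedHashPW Stored salted hash to compare against
     * @return bool TRUE only for a "$1$" hash that matches the password
     */
    public function checkPassword($plainPW, $saltedHashPW)
    {
        if (!$this->isValidSaltedPW($saltedHashPW)) {
            return false;
        }
        // password_verify() compares in constant time.
        return \password_verify($plainPW, $saltedHashPW);
    }

    /**
     * Creates a fresh random salt in its encoded form (no marker, no suffix).
     *
     * @return string Encoded salt characters
     */
    protected function getGeneratedSalt()
    {
        $byteCount = $this->getSaltLength();
        $randomBytes = GeneralUtility::makeInstance(Random::class)->generateRandomBytes($byteCount);
        return $this->base64Encode($randomBytes, $byteCount);
    }

    /**
     * Hashes a password with MD5-crypt.
     *
     * @param string $password Plain-text password
     * @param string|null $salt Optional salt; replaced by a generated one when empty or not accepted by isValidSalt()
     * @return string|null The "$1$" hash, or NULL for an empty password or when crypt() did not return an MD5-crypt hash
     */
    public function getHashedPassword($password, $salt = null)
    {
        // NOTE(review): empty() also treats the string '0' as empty; kept as-is for compatibility.
        if (empty($password)) {
            return null;
        }
        if (empty($salt) || !$this->isValidSalt($salt)) {
            $salt = $this->getGeneratedSalt();
        }
        $hash = crypt($password, $this->applySettingsToSalt($salt));
        // crypt() reports failure through a short marker string; never hand
        // anything that is not an MD5-crypt hash back to the caller for storage.
        $setting = $this->getSetting();
        if (!is_string($hash) || strncmp($setting, $hash, strlen($setting)) !== 0) {
            return null;
        }
        return $hash;
    }

    /**
     * Returns the alphabet accepted for salt characters.
     *
     * @return string
     */
    protected function getItoa64()
    {
        return self::ITOA64;
    }

    /**
     * Reports whether crypt() supports MD5-crypt on this platform.
     *
     * @return int Value of PHP's CRYPT_MD5 constant (1 when supported), not a strict bool
     */
    public function isAvailable()
    {
        return CRYPT_MD5;
    }

    /**
     * Returns the number of random bytes used for a generated salt.
     *
     * @return int
     */
    public function getSaltLength()
    {
        return self::$saltLengthMD5;
    }

    /**
     * Returns the delimiter appended after the salt characters.
     *
     * @return string
     */
    protected function getSaltSuffix()
    {
        return self::$saltSuffixMD5;
    }

    /**
     * Returns the scheme marker that prefixes every hash of this class.
     *
     * @return string
     */
    public function getSetting()
    {
        return self::$settingMD5;
    }

    /**
     * Tells whether a stored hash should be re-created.
     *
     * Always FALSE: this class never requests a re-hash, whatever the input.
     *
     * @param string $passString Stored salted hash (unused)
     * @return bool Always FALSE
     */
    public function isHashUpdateNeeded($passString)
    {
        return false;
    }

    /**
     * Checks whether a string is usable as a salt for this class.
     *
     * Accepts either a string starting with the scheme marker, or an
     * unprefixed string whose leading characters all come from ITOA64.
     *
     * NOTE(review): a matching marker alone already marks the string valid;
     * the character check below can only add validity, never revoke it.
     * Tightening this could reject stored hashes with shorter salts, so the
     * behaviour is kept and callers must not treat TRUE as proof of a
     * well-formed hash.
     *
     * @param string $salt Salt or full salted hash
     * @return bool TRUE if the string is accepted
     */
    public function isValidSalt($salt)
    {
        $isValid = ($skip = false);
        $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
        if (strlen($salt) >= $reqLenBase64) {
            // Salt with prefixed setting
            if (!strncmp('$', $salt, 1)) {
                if (!strncmp($this->getSetting(), $salt, strlen($this->getSetting()))) {
                    $isValid = true;
                    $salt = substr($salt, strlen($this->getSetting()));
                } else {
                    // Marker of some other scheme: reject without inspecting the characters.
                    $skip = true;
                }
            }
            // Checking base64 characters
            if (!$skip && strlen($salt) >= $reqLenBase64) {
                if (preg_match('/^[' . preg_quote($this->getItoa64(), '/') . ']{' . $reqLenBase64 . ',' . $reqLenBase64 . '}$/', substr($salt, 0, $reqLenBase64))) {
                    $isValid = true;
                }
            }
        }
        return $isValid;
    }

    /**
     * Checks whether a stored value looks like a hash produced by this class.
     *
     * Requires the scheme marker at the start and then defers to isValidSalt().
     *
     * @param string $saltedPW Stored salted hash
     * @return bool TRUE if the value starts with the marker and isValidSalt() accepts it
     */
    public function isValidSaltedPW($saltedPW)
    {
        $isValid = !strncmp($this->getSetting(), $saltedPW, strlen($this->getSetting()));
        if ($isValid) {
            $isValid = $this->isValidSalt($saltedPW);
        }
        return $isValid;
    }
}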