Inheritance diagram for TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash:

Public Member Functions
bool	checkPassword (string $plainPW, string $saltedHashPW)

bool	isAvailable ()

	getHashedPassword (string $password)

bool	isHashUpdateNeeded (string $passString)

bool	isValidSaltedPW (string $saltedPW)

Protected Member Functions
string	getGeneratedSalt ()

string	applySettingsToSalt (string $salt)

string	getItoa64 ()

bool	isValidSalt (string $salt)

string	base64Encode (string $input, int $count)

int	getLengthBase64FromBytes (int $byteLength)

Protected Attributes
const	PREFIX = '$1$'

Detailed Description

Class that implements MD5 salted hashing based on PHP's crypt() function.

MD5 salted hashing with PHP's crypt() should be available on most of the systems.

Definition at line 30 of file Md5PasswordHash.php.

Member Function Documentation

◆ applySettingsToSalt()

string TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash::applySettingsToSalt ( string $salt )

protected

Method applies settings (prefix, suffix) to a salt.

Parameters

string $salt ‪A salt to apply setting to

Returns: ‪string Salt with setting

Definition at line 127 of file Md5PasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\getLengthBase64FromBytes().

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\getHashedPassword().

◆ base64Encode()

string TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash::base64Encode	(	string	$input,
		int	$count
	)

protected

Encodes bytes into printable base 64 using the *nix standard from crypt().

Parameters

string	$input	‪The string containing bytes to encode.
int	$count	‪The number of characters (bytes) to encode.

Returns: ‪string Encoded string

Definition at line 185 of file Md5PasswordHash.php.

References $output, and TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\getItoa64().

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\getGeneratedSalt().

◆ checkPassword()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash::checkPassword	(	string	$plainPW,
		string	$saltedHashPW
	)

Method checks if a given plaintext password is correct by comparing it with a given salted hashed password.

Parameters

string	$plainPW	‪plain-text password to compare with salted hash
string	$saltedHashPW	‪salted hash to compare plain-text password with

Returns: ‪bool TRUE, if plain-text password matches the salted hash, otherwise FALSE

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 45 of file Md5PasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\isValidSalt().

◆ getGeneratedSalt()

string TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash::getGeneratedSalt ( )

protected

Generates a random base 64-encoded salt prefixed and suffixed with settings for the hash.

Proper use of salts may defeat a number of attacks, including:

‪The ability to try candidate passwords against multiple hashes at once.
‪The ability to use pre-hashed lists of candidate passwords.
‪The ability to determine whether two users have the same (or different) password without actually having to guess one of the passwords.

Returns: ‪string A character string containing settings and a random salt

Definition at line 115 of file Md5PasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\base64Encode().

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\getHashedPassword().

◆ getHashedPassword()

TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash::getHashedPassword ( string $password )

Method creates a hash for a given plaintext password

Parameters

string $password ‪Plaintext password to create a hash from

Returns: ‪string|null Hashed password or null on empty password

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 64 of file Md5PasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\applySettingsToSalt(), and TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\getGeneratedSalt().

◆ getItoa64()

string TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash::getItoa64 ( )

protected

Returns a string for mapping an int to the corresponding base 64 character.

Returns: ‪string String for mapping an int to the corresponding base 64 character

Definition at line 143 of file Md5PasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\base64Encode(), and TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\isValidSalt().

◆ getLengthBase64FromBytes()

int TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash::getLengthBase64FromBytes ( int $byteLength )

protected

Method determines required length of base64 characters for a given length of a byte string.

Parameters

int $byteLength ‪Length of bytes to calculate in base64 chars

Returns: ‪int Required length of base64 characters

Definition at line 219 of file Md5PasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\applySettingsToSalt(), and TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\isValidSalt().

◆ isAvailable()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash::isAvailable ( )

Returns whether all prerequisites for the hashing methods are matched

Returns: ‪bool Method available

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 59 of file Md5PasswordHash.php.

◆ isHashUpdateNeeded()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash::isHashUpdateNeeded ( string $passString )

Checks whether a user's hashed password needs to be replaced with a new hash.

This is typically called during the login process when the plain text password is available. A new hash is needed when the desired iteration count has changed through a change in the variable $hashCount or HASH_COUNT.

Parameters

string $passString ‪Salted hash to check if it needs an update

Returns: ‪bool TRUE if salted hash needs an update, otherwise FALSE

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 84 of file Md5PasswordHash.php.

◆ isValidSalt()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash::isValidSalt ( string $salt )

protected

Method determines if a given string is a valid salt

Parameters

string $salt ‪String to check

Returns: ‪bool TRUE if it's valid salt, otherwise FALSE

Definition at line 154 of file Md5PasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\getItoa64(), and TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\getLengthBase64FromBytes().

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\checkPassword(), and TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\isValidSaltedPW().

◆ isValidSaltedPW()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash::isValidSaltedPW ( string $saltedPW )

Method determines if a given string is a valid salted hashed password.

Parameters

string $saltedPW ‪String to check

Returns: ‪bool TRUE if it's valid salted hashed password, otherwise FALSE

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 95 of file Md5PasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash\isValidSalt().

Member Data Documentation

◆ PREFIX

const TYPO3\CMS\Core\Crypto\PasswordHashing\Md5PasswordHash::PREFIX = '$1$'

protected

Prefix for the password hash.

Definition at line 35 of file Md5PasswordHash.php.

Public Member Functions

Protected Member Functions

Protected Attributes

Detailed Description

Member Function Documentation

◆ applySettingsToSalt()

◆ base64Encode()

◆ checkPassword()

◆ getGeneratedSalt()

◆ getHashedPassword()

◆ getItoa64()

◆ getLengthBase64FromBytes()

◆ isAvailable()

◆ isHashUpdateNeeded()

◆ isValidSalt()

◆ isValidSaltedPW()

Member Data Documentation

◆ PREFIX