TYPO3CMS  8
 All Classes Namespaces Files Functions Variables Pages
Md5Salt Class Reference
Inheritance diagram for Md5Salt:
AbstractSalt SaltInterface BlowfishSalt

Public Member Functions

 checkPassword ($plainPW, $saltedHashPW)
 
 getHashedPassword ($password, $salt=null)
 
 isAvailable ()
 
 getSaltLength ()
 
 getSetting ()
 
 isHashUpdateNeeded ($passString)
 
 isValidSalt ($salt)
 
 isValidSaltedPW ($saltedPW)
 
- Public Member Functions inherited from AbstractSalt
 base64Encode ($input, $count)
 

Public Attributes

const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
 

Protected Member Functions

 applySettingsToSalt ($salt)
 
 getGeneratedSalt ()
 
 getItoa64 ()
 
 getSaltSuffix ()
 
- Protected Member Functions inherited from AbstractSalt
 applySettingsToSalt ($salt)
 
 getGeneratedSalt ()
 
 getItoa64 ()
 
 getSetting ()
 
 getLengthBase64FromBytes ($byteLength)
 

Static Protected Attributes

static $saltLengthMD5 = 6
 
static $saltSuffixMD5 = '$'
 
static $settingMD5 = '$1$'
 

Detailed Description

Class that implements MD5 salted hashing based on PHP's crypt() function.

MD5 salted hashing with PHP's crypt() should be available on most of the systems.

Definition at line 27 of file Md5Salt.php.

Member Function Documentation

applySettingsToSalt (   $salt)
protected

Method applies settings (prefix, suffix) to a salt.

Parameters
string$saltA salt to apply setting to
Returns
string Salt with setting

Definition at line 62 of file Md5Salt.php.

References AbstractSalt\getLengthBase64FromBytes(), Md5Salt\getSaltLength(), Md5Salt\getSaltSuffix(), and Md5Salt\getSetting().

Referenced by Md5Salt\getHashedPassword().

checkPassword (   $plainPW,
  $saltedHashPW 
)

Method checks if a given plaintext password is correct by comparing it with a given salted hashed password.

Parameters
string$plainPWplain-text password to compare with salted hash
string$saltedHashPWsalted hash to compare plain-text password with
Returns
bool TRUE, if plain-text password matches the salted hash, otherwise FALSE

Implements SaltInterface.

Definition at line 81 of file Md5Salt.php.

References Md5Salt\isValidSalt().

getGeneratedSalt ( )
protected

Generates a random base 64-encoded salt prefixed and suffixed with settings for the hash.

Proper use of salts may defeat a number of attacks, including:

  • The ability to try candidate passwords against multiple hashes at once.
  • The ability to use pre-hashed lists of candidate passwords.
  • The ability to determine whether two users have the same (or different) password without actually having to guess one of the passwords.
Returns
string A character string containing settings and a random salt

Definition at line 101 of file Md5Salt.php.

References AbstractSalt\base64Encode(), Md5Salt\getSaltLength(), and GeneralUtility\makeInstance().

Referenced by Md5Salt\getHashedPassword().

getHashedPassword (   $password,
  $salt = null 
)

Method creates a salted hash for a given plaintext password

Parameters
string$passwordplaintext password to create a salted hash from
string$saltOptional custom salt with setting to use
Returns
string Salted hashed password

Implements SaltInterface.

Definition at line 114 of file Md5Salt.php.

References Md5Salt\applySettingsToSalt(), Md5Salt\getGeneratedSalt(), and Md5Salt\isValidSalt().

getItoa64 ( )
protected

Returns a string for mapping an int to the corresponding base 64 character.

Returns
string String for mapping an int to the corresponding base 64 character

Definition at line 131 of file Md5Salt.php.

Referenced by Md5Salt\isValidSalt(), and BlowfishSalt\isValidSalt().

getSaltLength ( )

Returns length of a MD5 salt in bytes.

Returns
int Length of a MD5 salt in bytes

Implements SaltInterface.

Definition at line 151 of file Md5Salt.php.

Referenced by Md5Salt\applySettingsToSalt(), Md5Salt\getGeneratedSalt(), and Md5Salt\isValidSalt().

getSaltSuffix ( )
protected

Returns suffix to be appended to a salt.

Returns
string Suffix of a salt

Definition at line 161 of file Md5Salt.php.

Referenced by Md5Salt\applySettingsToSalt().

getSetting ( )

Returns setting string of MD5 salted hashes.

Returns
string Setting string of MD5 salted hashes

Definition at line 171 of file Md5Salt.php.

Referenced by Md5Salt\applySettingsToSalt(), Md5Salt\isValidSalt(), and Md5Salt\isValidSaltedPW().

isAvailable ( )

Returns whether all prerequisites for the hashing methods are matched

Returns
bool Method available

Implements SaltInterface.

Definition at line 141 of file Md5Salt.php.

isHashUpdateNeeded (   $passString)

Checks whether a user's hashed password needs to be replaced with a new hash.

This is typically called during the login process when the plain text password is available. A new hash is needed when the desired iteration count has changed through a change in the variable $hashCount or HASH_COUNT or if the user's password hash was generated in an bulk update with class ext_update.

Parameters
string$passStringSalted hash to check if it needs an update
Returns
bool TRUE if salted hash needs an update, otherwise FALSE

Implements SaltInterface.

Definition at line 188 of file Md5Salt.php.

isValidSalt (   $salt)

Method determines if a given string is a valid salt

Parameters
string$saltString to check
Returns
bool TRUE if it's valid salt, otherwise FALSE

Implements SaltInterface.

Definition at line 199 of file Md5Salt.php.

References Md5Salt\getItoa64(), AbstractSalt\getLengthBase64FromBytes(), Md5Salt\getSaltLength(), and Md5Salt\getSetting().

Referenced by Md5Salt\checkPassword(), Md5Salt\getHashedPassword(), and Md5Salt\isValidSaltedPW().

isValidSaltedPW (   $saltedPW)

Method determines if a given string is a valid salted hashed password.

Parameters
string$saltedPWString to check
Returns
bool TRUE if it's valid salted hashed password, otherwise FALSE

Implements SaltInterface.

Definition at line 229 of file Md5Salt.php.

References Md5Salt\getSetting(), and Md5Salt\isValidSalt().

Member Data Documentation

$saltLengthMD5 = 6
staticprotected

Definition at line 40 of file Md5Salt.php.

$saltSuffixMD5 = '$'
staticprotected

Definition at line 47 of file Md5Salt.php.

$settingMD5 = '$1$'
staticprotected

Definition at line 54 of file Md5Salt.php.

const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'

Keeps a string for mapping an int to the corresponding base 64 character.

Definition at line 33 of file Md5Salt.php.