authorAndreas Gohr <andi@splitbrain.org>2013-10-28 20:22:05 +0100
committerAndreas Gohr <andi@splitbrain.org>2013-10-28 20:22:05 +0100
commit23a363f01514464eb2238ac09ec7723d03d57ecb (patch)
tree42c7dcff8c5b0e506a25d08ee5583ed2a24e8602 /inc/PassHash.class.php
parent25e48e54df60b3df6efa365daceb3a8966c8f427 (diff)
parent75cf672f10a71f7dee6d50eb70b742689838bc36 (diff)
Merge branch 'master' into stable
* master: (413 commits) release preparation fixed strict violation in ACL plugin Fix issues from teams:i18n:translation-check in localizations ensure locale is set back to the original value skip FS#2867 test if \s doesn't match \xA0 after attempting to change the locale unittests for auth_loadACL translation update allow charset for SSO to be configured FS#2148 Mailer: avoid overlong headers in content ids FS#2868 translation update translation update replace \s, \S with [ \t], [^ \t] in regexs used with acls translation update translation update translation update translation update Fix handling of the legacy subscription action name remove obsolete opera handling and session closing remove no longer used ajax.php fix proxy CONNECT where HTTP 1.1 answer is given ...
Diffstat (limited to 'inc/PassHash.class.php')
-rw-r--r--inc/PassHash.class.php65
1 files changed, 64 insertions, 1 deletions
diff --git a/inc/PassHash.class.php b/inc/PassHash.class.php
index 080fb4778..db6a3a77c 100644
--- a/inc/PassHash.class.php
+++ b/inc/PassHash.class.php
@@ -98,7 +98,7 @@ class PassHash {
$salt = '';
$chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
for($i = 0; $i < $len; $i++) {
- $salt .= $chars[mt_rand(0, 61)];
+ $salt .= $chars[$this->random(0, 61)];
}
return $salt;
}
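Review bot: The salt characters drawn on the new line are only as unpredictable as `$this->random()`, and that helper (added at the end of this diff) silently returns `mt_rand()` output whenever `auth_random()` is not defined, so in that case the change has no effect on salt quality. Whether `auth_random()` is always loaded wherever PassHash is used is not visible from this diff. I would state the fallback in the helper's docblock, for example `* Falls back to mt_rand(), which is not cryptographically secure, when auth_random() is missing`. The salt-building function starts above this hunk.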
@@ -494,4 +494,67 @@ class PassHash {
$this->init_salt($salt, 8, false);
return ':B:'.$salt.':'.md5($salt.'-'.md5($clear));
}
+
+ /**
+ * Wraps around native hash_hmac() or reimplents it
+ *
+ * This is not directly used as password hashing method, and thus isn't callable via the
+ * verify_hash() method. It should be used to create signatures and might be used in other
+ * password hashing methods.
+ *
+ * @see hash_hmac()
+ * @author KC Cloyd
+ * @link http://www.php.net/manual/en/function.hash-hmac.php#93440
+ *
+ * @param string $algo Name of selected hashing algorithm (i.e. "md5", "sha256", "haval160,4",
+ * etc..) See hash_algos() for a list of supported algorithms.
+ * @param string $data Message to be hashed.
+ * @param string $key Shared secret key used for generating the HMAC variant of the message digest.
+ * @param bool $raw_output When set to TRUE, outputs raw binary data. FALSE outputs lowercase hexits.
+ *
+ * @return string
+ */
+ public static function hmac($algo, $data, $key, $raw_output = false) {
+ // use native function if available and not in unit test
+ if(function_exists('hash_hmac') && !defined('SIMPLE_TEST')){
+ return hash_hmac($algo, $data, $key, $raw_output);
+ }
+
+ $algo = strtolower($algo);
+ $pack = 'H' . strlen($algo('test'));
+ $size = 64;
+ $opad = str_repeat(chr(0x5C), $size);
+ $ipad = str_repeat(chr(0x36), $size);
+
+ if(strlen($key) > $size) {
+ $key = str_pad(pack($pack, $algo($key)), $size, chr(0x00));
+ } else {
+ $key = str_pad($key, $size, chr(0x00));
+ }
+
+ for($i = 0; $i < strlen($key) - 1; $i++) {
+ $opad[$i] = $opad[$i] ^ $key[$i];
+ $ipad[$i] = $ipad[$i] ^ $key[$i];
+ }
+
+ $output = $algo($opad . pack($pack, $algo($ipad . $data)));
+
+ return ($raw_output) ? pack($pack, $output) : $output;
+ }
+
+ /**
+ * Use DokuWiki's secure random generator if available
+ *
+ * @param $min
+ * @param $max
+ *
+ * @return int
+ */
+ protected function random($min, $max){
+ if(function_exists('auth_random')){
+ return auth_random($min, $max);
+ }else{
+ return mt_rand($min, $max);
+ }
+ }
}
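Review bot: The pad loop in the fallback branch of `hmac()` stops one byte early: `$i < strlen($key) - 1` never XORs the last byte of the 64-byte key block into `$ipad`/`$opad`. For a key of exactly 64 bytes the result therefore differs from `hash_hmac()`, and the final key byte does not contribute to the signature; the condition should be `for($i = 0; $i < $size; $i++) {`. The fallback also invokes `$algo` as a function name and hard-codes a 64-byte block, so it can only match the native result for names like md5 and sha1. A guard such as `if(!in_array($algo, array('md5', 'sha1'), true)) return false;` (or an exception) before the first `$algo('test')` call would keep any other caller-supplied name from being invoked. A unit test comparing both branches with a 64-byte key would pin the fix.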