Merge branch 'master' into htmlmail

* master: (382 commits) Romanian language update Marathi language update Arabic Language Update when there's not enough space for images, make sure they stay proportional (might be FS#2480) added minimal RTL print styles (part of FS#2185) moved plugins' rtl.css to their style.css counterpart (part of FS#2185) removed all browser-specific gradients as the recently (in 42ff6730) introduced svg makes them unnecessary removed comments from accidentally commented lines in tpl_includeFile() removed obsolete template file added tpl_includeFile() to core Make getTitle method in remote interface public Changed an error code in XML-RPC interface. This error hasn't anything to do with the rest of the -32600 errors. BG: language update Korean language update fixed performance issues with gradient in Firefox (which also added gradient support for IE9) (FS#2447) deleted very old (and unused) images added accidentally removed '<?php' back in (was in 57fc5edd) wrapped X-UA-Compatible meta tag with conditional comments added explanation to todo in _forms.css removed problematic 'overflow: hidden' from lists again ('unfixes' FS#1950) ... Conflicts: inc/auth.php inc/load.php
author: Andreas Gohr <andi@splitbrain.org> 2012-04-15 13:45:45 +0200
committer: Andreas Gohr <andi@splitbrain.org> 2012-04-15 13:45:45 +0200
commit: ae7c596cf4e6a0a09ebcf01fe8ae98789360c5be (patch)
tree: f156252e404e9893922cb5d984fdc646644b6c17 /inc/PassHash.class.php
parent: f41c79d730286e8e8c95deb88a4c876e08e278a2 (diff)
parent: 026b314868ee80aca644bf4107f78d8e8052b43e (diff)
download: rpg-ae7c596cf4e6a0a09ebcf01fe8ae98789360c5be.tar.gz
rpg-ae7c596cf4e6a0a09ebcf01fe8ae98789360c5be.tar.bz2
1 files changed, 54 insertions, 1 deletions
diff --git a/inc/PassHash.class.php b/inc/PassHash.class.php
index 31493c022..3fb1349d2 100644
--- a/inc/PassHash.class.php
+++ b/inc/PassHash.class.php
@@ -47,9 +47,15 @@ class PassHash {
         }elseif(preg_match('/^md5\$(.{5})\$/',$hash,$m)){
             $method = 'djangomd5';
             $salt   = $m[1];
+        }elseif(preg_match('/^\$2a\$(.{2})\$/',$hash,$m)){
+            $method = 'bcrypt';
+            $salt   = $hash;
         }elseif(substr($hash,0,6) == '{SSHA}'){
             $method = 'ssha';
             $salt   = substr(base64_decode(substr($hash, 6)),20);
+        }elseif(substr($hash,0,6) == '{SMD5}'){
+            $method = 'lsmd5';
+            $salt   = substr(base64_decode(substr($hash, 6)),16);
         }elseif($len == 32){
             $method = 'md5';
         }elseif($len == 40){
@@ -82,7 +88,9 @@ class PassHash {
     public function gen_salt($len=32){
         $salt  = '';
         $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
-        for($i=0;$i<$len;$i++) $salt .= $chars[mt_rand(0,61)];
+        for($i=0; $i<$len; $i++){
+            $salt .= $chars[mt_rand(0,61)];
+        }
         return $salt;
     }
 
@@ -130,6 +138,20 @@ class PassHash {
         }
     }
 
+
+    /**
+     * Password hashing method 'lsmd5'
+     *
+     * Uses salted MD5 hashs. Salt is 8 bytes long.
+     *
+     * This is the format used by LDAP.
+     */
+    public function hash_lsmd5($clear, $salt=null){
+        $this->init_salt($salt,8);
+        return "{SMD5}".base64_encode(md5($clear.$salt, true).$salt);
+    }
+
+
     /**
      * Password hashing method 'apr1'
      *
@@ -379,4 +401,35 @@ class PassHash {
         return 'md5$'.$salt.'$'.md5($salt.$clear);
     }
 
+
+    /**
+     * Passwordhashing method 'bcrypt'
+     *
+     * Uses a modified blowfish algorithm called eksblowfish
+     * This method works on PHP 5.3+ only and will throw an exception
+     * if the needed crypt support isn't available
+     *
+     * A full hash should be given as salt (starting with $a2$) or this
+     * will break. When no salt is given, the iteration count can be set
+     * through the $compute variable.
+     *
+     * @param string $clear - the clear text to hash
+     * @param string $salt  - the salt to use, null for random
+     * @param int  $compute - the iteration count (between 4 and 31)
+     * @returns string - hashed password
+     */
+    public function hash_bcrypt($clear, $salt=null, $compute=8){
+        if(!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH != 1){
+            throw new Exception('This PHP installation has no bcrypt support');
+        }
+
+        if(is_null($salt)){
+            if($compute < 4 || $compute > 31) $compute = 8;
+            $salt = '$2a$'.str_pad($compute, 2, '0', STR_PAD_LEFT).'$'.
+                    $this->gen_salt(22);
+        }
+
+        return crypt($clear, $salt);
+    }
+
 }
author	Andreas Gohr <andi@splitbrain.org>	2012-04-15 13:45:45 +0200
committer	Andreas Gohr <andi@splitbrain.org>	2012-04-15 13:45:45 +0200
commit	ae7c596cf4e6a0a09ebcf01fe8ae98789360c5be (patch)
tree	f156252e404e9893922cb5d984fdc646644b6c17 /inc/PassHash.class.php
parent	f41c79d730286e8e8c95deb88a4c876e08e278a2 (diff)
parent	026b314868ee80aca644bf4107f78d8e8052b43e (diff)
download	rpg-ae7c596cf4e6a0a09ebcf01fe8ae98789360c5be.tar.gz rpg-ae7c596cf4e6a0a09ebcf01fe8ae98789360c5be.tar.bz2