author | andi <andi@splitbrain.org> | 2005-05-13 17:22:48 +0200 |
---|---|---|
committer | andi <andi@splitbrain.org> | 2005-05-13 17:22:48 +0200 |
commit | b0855b1105f25b1fbd686606588297104def6d3c (patch) | |
tree | bcc864d497dfb88d422936af94f5cf40da1daec7 /inc/auth.php | |
parent | b000c6d4d26cd8f0e24a02811dac7080f3288cb4 (diff) | |
multiple hash methods for passwords
This patch allows the method for hashing (one-way crypting) the user passwords to
be set with $conf['passcrypt']. Available are MD5, salted MD5, SHA1, salted SHA1 (SSHA)
and the old Unix crypt (2 char seed).
This change was inspired by a mail from Chris Brotherton (thanks for making me think about this)
darcs-hash:20050513152248-9977f-2358b26449ed865a981c8558308a2857ba17c12f.gz
Diffstat (limited to 'inc/auth.php')
-rw-r--r-- | inc/auth.php | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/inc/auth.php b/inc/auth.php
index a53b77bef..6be220cf5 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -438,6 +438,81 @@ function isvalidemail($email){
 return eregi("^[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-z]{2,4}$", $email);
 }
+/**
+ * Encrypts a password using the given method and salt
+ *
+ * If the selected method needs a salt and none was given, a random one
+ * is chosen.
+ *
+ * The following methods are understood:
+ *
+ * smd5 - Salted MD5 hashing
+ * md5 - Simple MD5 hashing
+ * sha1 - SHA1 hashing
+ * ssha - Salted SHA1 hashing
+ *
+ * @author Andreas Gohr <andi@splitbrain.org>
+ * @return string The crypted password
+ */
+function auth_cryptPassword($clear,$method='',$salt=''){
+ global $conf;
+ if(empty($method)) $method = $conf['passcrypt'];
+
+ //prepare a salt
+ if(empty($salt)) $salt = md5(uniqid(rand(), true));
+
+ switch(strtolower($method)){
+ case 'smd5':
+ return crypt($clear,'$1$'.substr($salt,0,8).'$');
+ case 'md5':
+ return md5($clear);
+ case 'sha1':
+ return sha1($clear);
+ case 'ssha':
+ $salt=substr($salt,0,4);
+ return '{SSHA}'.base64_encode(pack("H*", sha1($password.$salt)).$salt);
+ case 'crypt':
+ return crypt($clear,substr($salt,0,2));
+ default:
+ msg("Unsupported crypt method $method",-1);
+ }
+}
+
+/**
+ * Verifies a cleartext password against a crypted hash
+ *
+ * The method and salt used for the crypted hash is determined automatically
+ * then the clear text password is crypted using the same method. If both hashs
+ * match true is is returned else false
+ *
+ * @author Andreas Gohr <andi@splitbrain.org>
+ * @return bool
+ */
+function auth_verifyPassword($clear,$crypt){
+ $method='';
+ $salt='';
+
+ //determine the used method and salt
+ if(substr($crypt,0,3) == '$1$'){
+ $method = 'smd5';
+ $salt = substr($crypt,3,8);
+ }elseif(substr($crypt,0,6) == '{SSHA}'){
+ $method = 'ssha';
+ $salt = substr(base64_decode(substr($crypt, 6)),20);
+ }elseif(strlen($crypt) == 32){
+ $method = 'md5';
+ }elseif(strlen($crypt) == 40){
+ $method = 'sha1';
+ }else{
+ $method = 'crypt';
+ $salt = substr($crypt,0,2);
+ }
+ //crypt and compare
+ if(auth_cryptPassword($clear,$method,$salt) === $crypt){
+ return true;
+ }
+ return false;
+}
 //Setup VIM: ex: et ts=2 enc=utf-8 : |
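Review bot: In the `ssha` branch of auth_cryptPassword the digest is computed from `$password`, which is never defined in the function, instead of `$clear`, so the stored value depends only on the salt. Because auth_verifyPassword reads the salt back out of the stored `{SSHA}` string and recomputes with it, the comparison would succeed for any password on such an entry. The line should read `return '{SSHA}'.base64_encode(pack("H*", sha1($clear.$salt)).$salt);`, and any entries already written by this branch would need to be reset. Separately, the salt comes from `md5(uniqid(rand(), true))`, which is not a cryptographically strong source, and the unsalted `md5`/`sha1` methods deserve a docblock line marking them as the weaker choices.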