authorAndreas Gohr <andi@splitbrain.org>2011-01-15 12:24:14 +0100
committerAndreas Gohr <andi@splitbrain.org>2011-01-15 12:24:14 +0100
commitf91977c212fd1c1645f521f6190e1ec32259f7a2 (patch)
treefc4bee4e4a7518cf1356de449b8d423b13a2b19f /inc/auth.php
parentef7df687e4ebf910c7eb86b5a8b2a47b9d121917 (diff)
Added support for Wordpress' password hashing FS#2134
Diffstat (limited to 'inc/auth.php')
-rw-r--r--inc/auth.php47
1 files changed, 47 insertions, 0 deletions
diff --git a/inc/auth.php b/inc/auth.php
index 83d1d4159..5cdcec830 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -937,6 +937,8 @@ function act_resendpwd(){
* mysql - MySQL password (old method)
* my411 - MySQL 4.1.1 password
* kmd5 - Salted MD5 hashing as used by UNB
+ * pmd5 - Salted multi iteration MD5 as used by Wordpress
+ * hmd5 - Same as pmd5 but PhpBB3 flavour
*
* @author Andreas Gohr <andi@splitbrain.org>
* @return string The crypted password
@@ -1016,6 +1018,45 @@ function auth_cryptPassword($clear,$method='',$salt=null){
$hash1 = strtolower(md5($key . md5($clear)));
$hash2 = substr($hash1, 0, 16) . $key . substr($hash1, 16);
return $hash2;
+ case 'hmd5':
+ $key = 'H';
+ // hmd5 is exactly the same as pmd5, but uses an H as identifier
+ // PhpBB3 uses it that way, so we just fall through here
+ case 'pmd5':
+ if(!$key) $key = 'P';
+ $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
+ $iterc = $salt[0]; // pos 0 of salt is iteration count
+ $iter = strpos($itoa64,$iterc);
+ $iter = 1 << $iter;
+ $salt = substr($salt,1,8);
+
+ // iterate
+ $hash = md5($salt . $clear, true);
+ do {
+ $hash = md5($hash . $clear, true);
+ } while (--$iter);
+
+ // encode
+ $output = '';
+ $count = 16;
+ $i = 0;
+ do {
+ $value = ord($hash[$i++]);
+ $output .= $itoa64[$value & 0x3f];
+ if ($i < $count)
+ $value |= ord($hash[$i]) << 8;
+ $output .= $itoa64[($value >> 6) & 0x3f];
+ if ($i++ >= $count)
+ break;
+ if ($i < $count)
+ $value |= ord($hash[$i]) << 16;
+ $output .= $itoa64[($value >> 12) & 0x3f];
+ if ($i++ >= $count)
+ break;
+ $output .= $itoa64[($value >> 18) & 0x3f];
+ } while ($i < $count);
+
+ return '$'.$key.'$'.$iterc.$salt.$output;
default:
msg("Unsupported crypt method $method",-1);
}
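Review bot: The iteration count decoded at `$iter = strpos($itoa64,$iterc); $iter = 1 << $iter;` is used without a range check: a first salt character outside `$itoa64` gives `false` and therefore a single round, while one late in the alphabet gives a shift that overflows or a `do … while (--$iter)` loop that effectively never ends. phpass rejects a log2 count outside 7–30, and the same guard fits before the shift, e.g. `if($iter === false || $iter < 7 || $iter > 30){ msg('Invalid pmd5 iteration count',-1); return false; }`. This presumably matters most when a new password is hashed and `$salt` does not come from a stored hash, since any default salt is generated above the hunk and is not visible here. `if(!$key)` also reads an undefined `$key` when the method is `pmd5`; `if(empty($key))` avoids the notice. auth_cryptPassword starts before and ends after this hunk.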
@@ -1043,6 +1084,12 @@ function auth_verifyPassword($clear,$crypt){
}elseif(preg_match('/^\$apr1\$([^\$]{0,8})\$/',$crypt,$m)){
$method = 'apr1';
$salt = $m[1];
+ }elseif(preg_match('/^\$P\$(.{31})$/',$crypt,$m)){
+ $method = 'pmd5';
+ $salt = $m[1];
+ }elseif(preg_match('/^\$H\$(.{31})$/',$crypt,$m)){
+ $method = 'hmd5';
+ $salt = $m[1];
}elseif(substr($crypt,0,6) == '{SSHA}'){
$method = 'ssha';
$salt = substr(base64_decode(substr($crypt, 6)),20);