Joomla Platform  13.1
Documentation des API du framework Joomla Platform
 Tout Classes Espaces de nommage Fichiers Fonctions Variables Pages
simple.php
Aller à la documentation de ce fichier.
1 <?php
2 /**
3  * @package Joomla.Platform
4  * @subpackage Crypt
5  *
6  * @copyright Copyright (C) 2005 - 2013 Open Source Matters, Inc. All rights reserved.
7  * @license GNU General Public License version 2 or later; see LICENSE
8  */
9 
10 defined('JPATH_PLATFORM') or die;
11 
12 /**
13  * Joomla Platform Password Crypter
14  *
15  * @package Joomla.Platform
16  * @subpackage Crypt
17  * @since 12.2
18  */
19 class JCryptPasswordSimple implements JCryptPassword
20 {
21  /**
22  * @var integer The cost parameter for hashing algorithms.
23  * @since 12.2
24  */
25  protected $cost = 10;
26 
27  /**
28  * @var string The default hash type
29  * @since 12.3
30  */
31  protected $defaultType = '$2y$';
32 
33  /**
34  * Creates a password hash
35  *
36  * @param string $password The password to hash.
37  * @param string $type The hash type.
38  *
39  * @return mixed The hashed password or false if the password is too long.
40  *
41  * @since 12.2
42  * @throws InvalidArgumentException
43  */
44  public function create($password, $type = null)
45  {
46  // We set a maximum length to prevent abuse since it is unfiltered and not all controllers check.
47  // 55 is the maximum for bcrypt currently the strongest available method:
48  if (strlen($password) > 55)
49  {
50  JFactory::getApplication()->enqueueMessage(JText::_('JLIB_USER_ERROR_PASSWORD_TOO_LONG'), 'error');
51 
52  return false;
53  }
54 
55  if (empty($type))
56  {
57  $type = $this->defaultType;
58  }
59 
60  switch ($type)
61  {
62  case '$2a$':
63  case JCryptPassword::BLOWFISH:
64  if (JCrypt::hasStrongPasswordSupport())
65  {
66  $type = '$2y$';
67  }
68  else
69  {
70  $type = '$2a$';
71  }
72 
73  $salt = $type . str_pad($this->cost, 2, '0', STR_PAD_LEFT) . '$' . $this->getSalt(22);
74 
75  return crypt($password, $salt);
76 
77  case JCryptPassword::MD5:
78  $salt = $this->getSalt(12);
79 
80  $salt = '$1$' . $salt;
81 
82  return crypt($password, $salt);
83 
84  case JCryptPassword::JOOMLA:
85  $salt = $this->getSalt(32);
86 
87  return md5($password . $salt) . ':' . $salt;
88 
89  default:
90  throw new InvalidArgumentException(sprintf('Hash type %s is not supported', $type));
91  break;
92  }
93  }
94 
95  /**
96  * Sets the cost parameter for the generated hash for algorithms that use a cost factor.
97  *
98  * @param integer $cost The new cost value.
99  *
100  * @return void
101  *
102  * @since 12.2
103  */
104  public function setCost($cost)
105  {
106  $this->cost = $cost;
107  }
108 
109  /**
110  * Generates a salt of specified length. The salt consists of characters in the set [./0-9A-Za-z].
111  *
112  * @param integer $length The number of characters to return.
113  *
114  * @return string The string of random characters.
115  *
116  * @since 12.2
117  */
118  protected function getSalt($length)
119  {
120  $bytes = ceil($length * 6 / 8);
121 
122  $randomData = str_replace('+', '.', base64_encode(JCrypt::genRandomBytes($bytes)));
123 
124  return substr($randomData, 0, $length);
125  }
126 
127  /**
128  * Verifies a password hash
129  *
130  * @param string $password The password to verify.
131  * @param string $hash The password hash to check.
132  *
133  * @return boolean True if the password is valid, false otherwise.
134  *
135  * @since 12.2
136  */
137  public function verify($password, $hash)
138  {
139  // Check if the hash is a blowfish hash.
140  if (substr($hash, 0, 4) == '$2a$' || substr($hash, 0, 4) == '$2y$')
141  {
142  if (JCrypt::hasStrongPasswordSupport())
143  {
144  $type = '$2y$';
145  }
146  else
147  {
148  $type = '$2a$';
149  }
150 
151  $hash = $type . substr($hash, 4);
152 
153  return (crypt($password, $hash) === $hash);
154  }
155 
156  // Check if the hash is an MD5 hash.
157  if (substr($hash, 0, 3) == '$1$')
158  {
159  return (crypt($password, $hash) === $hash);
160  }
161 
162  // Check if the hash is a Joomla hash.
163  if (preg_match('#[a-z0-9]{32}:[A-Za-z0-9]{32}#', $hash) === 1)
164  {
165  return md5($password . substr($hash, 33)) == substr($hash, 0, 32);
166  }
167 
168  return false;
169  }
170 
171  /**
172  * Sets a default type
173  *
174  * @param string $type The value to set as default.
175  *
176  * @return void
177  *
178  * @since 12.3
179  */
180  public function setDefaultType($type)
181  {
182  if (!empty($type))
183  {
184  $this->defaultType = $type;
185  }
186  }
187 
188  /**
189  * Gets the default type
190  *
191  * @return string $type The default type
192  *
193  * @since 12.3
194  */
195  public function getDefaultType()
196  {
197  return $this->defaultType;
198  }
199 }