FusionDirectory
class_passwordMethodSsha.inc
Go to the documentation of this file.
1 <?php
2 /*
3  This code is part of FusionDirectory (http://www.fusiondirectory.org/)
4 
5  Copyright (C) 2003-2010 Cajus Pollmeier
6  Copyright (C) 2011-2019 FusionDirectory
7 
8  This program is free software; you can redistribute it and/or modify
9  it under the terms of the GNU General Public License as published by
10  the Free Software Foundation; either version 2 of the License, or
11  (at your option) any later version.
12 
13  This program is distributed in the hope that it will be useful,
14  but WITHOUT ANY WARRANTY; without even the implied warranty of
15  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16  GNU General Public License for more details.
17 
18  You should have received a copy of the GNU General Public License
19  along with this program; if not, write to the Free Software
20  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
21 */
22 
32 class passwordMethodSsha extends passwordMethod
33 {
37  function __construct ()
38  {
39  }
40 
46  public function is_available (): bool
47  {
48  return (function_exists('sha1') || function_exists('mhash'));
49  }
50 
59  public function generate_hash (string $pwd, bool $locked = FALSE): string
60  {
61  if (function_exists('sha1')) {
62  $salt = substr(pack('h*', md5(random_int(0, PHP_INT_MAX))), 0, 8);
63  $salt = substr(pack('H*', sha1($salt.$pwd)), 0, 4);
64  $pwd = '{SSHA}'.($locked ? '!' : '').base64_encode(pack('H*', sha1($pwd.$salt)).$salt);
65  } elseif (function_exists('mhash')) {
66  $salt = mhash_keygen_s2k(MHASH_SHA1, $pwd, substr(pack('h*', md5(random_int(0, PHP_INT_MAX))), 0, 8), 4);
67  $pwd = '{SSHA}'.($locked ? '!' : '').base64_encode(mhash(MHASH_SHA1, $pwd.$salt).$salt);
68  } else {
69  throw new FusionDirectoryException(msgPool::missingext('mhash'));
70  }
71  return $pwd;
72  }
73 
74  function checkPassword ($pwd, $hash): bool
75  {
76  $hash = base64_decode(substr($hash, 6));
77  $salt = substr($hash, 20);
78  $hash = substr($hash, 0, 20);
79  if (function_exists('sha1')) {
80  $nhash = pack('H*', sha1($pwd . $salt));
81  } elseif (function_exists('mhash')) {
82  $nhash = mhash(MHASH_SHA1, $pwd.$salt);
83  } else {
84  $error = new FusionDirectoryError(msgPool::missingext('mhash'));
85  $error->display();
86  return FALSE;
87  }
88  return ($nhash == $hash);
89  }
90 
94  static function get_hash_name ()
95  {
96  return 'ssha';
97  }
98 }
passwordMethodSsha\get_hash_name
static get_hash_name()
Get the hash name.
Definition: class_passwordMethodSsha.inc:94
passwordMethodSsha\__construct
__construct()
passwordMethodSsha Constructor
Definition: class_passwordMethodSsha.inc:37
passwordMethodSsha
This class contains all the functions for ssha password method.
Definition: class_passwordMethodSsha.inc:32
FusionDirectoryException
Parent class for all exceptions thrown in FusionDirectory.
Definition: class_exceptions.inc:29
msgPool\missingext
static missingext($name)
Display about missing PHP extension.
Definition: class_msgPool.inc:282
passwordMethod
This class contains all the basic function for password methods.
Definition: class_passwordMethod.inc:31
FusionDirectoryError
Parent class for all errors in FusionDirectory.
Definition: class_FusionDirectoryError.inc:24
passwordMethodSsha\generate_hash
generate_hash(string $pwd, bool $locked=FALSE)
Generate template hash.
Definition: class_passwordMethodSsha.inc:59
Generated on Mon Feb 24 2025 17:39:36 for FusionDirectory by   doxygen 1.8.13