mirror of
https://github.com/e107inc/e107.git
synced 2025-08-11 00:54:49 +02:00
Code cleanup
This commit is contained in:
Cameron
@@ -98,7 +98,7 @@ class ExtendedPasswordHandler extends UserHandler
|
||||
*/
|
||||
private function get_random_bytes($count)
|
||||
{
|
||||
$this->random_state = md5($this->random_state.microtime().mt_rand(0,10000)); // This will 'auto seed'
|
||||
$this->random_state = md5($this->random_state.microtime().random_int(0,10000)); // This will 'auto seed'
|
||||
|
||||
$output = '';
|
||||
for ($i = 0; $i < $count; $i += 16)
|
||||
@@ -211,10 +211,10 @@ class ExtendedPasswordHandler extends UserHandler
|
||||
*/
|
||||
public function getPasswordTypes($includeExtended = TRUE)
|
||||
{
|
||||
$vals = array();
|
||||
$vals = array(
|
||||
'md5' => IMPORTDB_LAN_7,
|
||||
'e107_salt' => IMPORTDB_LAN_8); // Methods supported in core
|
||||
$vals = array( // Methods supported in core
|
||||
'md5' => IMPORTDB_LAN_7,
|
||||
'e107_salt' => IMPORTDB_LAN_8
|
||||
);
|
||||
|
||||
if ($includeExtended)
|
||||
{
|
||||
@@ -266,7 +266,7 @@ class ExtendedPasswordHandler extends UserHandler
|
||||
/**
|
||||
* Extension of password validation to handle more types
|
||||
*
|
||||
* @param string $pword - plaintext password as entered by user
|
||||
* @param string $password - plaintext password as entered by user
|
||||
* @param string $login_name - string used to log in (could actually be email address)
|
||||
* @param string $stored_hash - required value for password to match
|
||||
* @param integer $password_type - constant specifying the type of password to check against
|
||||
@@ -276,19 +276,19 @@ class ExtendedPasswordHandler extends UserHandler
|
||||
* PASSWORD_VALID if valid password
|
||||
* Return a new hash to store if valid password but non-preferred encoding
|
||||
*/
|
||||
public function CheckPassword($pword, $login_name, $stored_hash, $password_type = PASSWORD_DEFAULT_TYPE)
|
||||
public function CheckPassword($password, $login_name, $stored_hash, $password_type = PASSWORD_DEFAULT_TYPE)
|
||||
{
|
||||
switch ($password_type)
|
||||
{
|
||||
case self::PASSWORD_GENERAL_MD5 :
|
||||
case self::PASSWORD_E107_MD5 :
|
||||
$pwHash = md5($pword);
|
||||
$pwHash = md5($password);
|
||||
|
||||
break;
|
||||
|
||||
case self::PASSWORD_GENERAL_SHA1 :
|
||||
if (strlen($stored_hash) != 40) return PASSWORD_INVALID;
|
||||
$pwHash = sha1($pword);
|
||||
$pwHash = sha1($password);
|
||||
break;
|
||||
|
||||
case self::PASSWORD_JOOMLA_SALT :
|
||||
@@ -298,8 +298,8 @@ class ExtendedPasswordHandler extends UserHandler
|
||||
return PASSWORD_INVALID;
|
||||
}
|
||||
// Mambo/Joomla salted hash - should be 32-character md5 hash, ':', 16-character salt (but could be 8-char salt, maybe)
|
||||
list($hash, $salt) = explode(':', $stored_hash);
|
||||
$pwHash = md5($pword.$salt);
|
||||
list($hash, $salt) = explode(':', $stored_hash);
|
||||
$pwHash = md5($password.$salt);
|
||||
$stored_hash = $hash;
|
||||
break;
|
||||
|
||||
@@ -320,20 +320,20 @@ class ExtendedPasswordHandler extends UserHandler
|
||||
//return PASSWORD_INVALID;
|
||||
// }
|
||||
|
||||
$pwHash = $salt ? md5($salt.$pword) : md5($pword);
|
||||
$pwHash = $salt ? md5($salt.$password) : md5($password);
|
||||
$stored_hash = $hash;
|
||||
break;
|
||||
|
||||
case self::PASSWORD_E107_SALT :
|
||||
//return e107::getUserSession()->CheckPassword($password, $login_name, $stored_hash);
|
||||
return parent::CheckPassword($pword, $login_name, $stored_hash);
|
||||
return parent::CheckPassword($password, $login_name, $stored_hash);
|
||||
break;
|
||||
|
||||
case self::PASSWORD_PHPBB_SALT :
|
||||
case self::PASSWORD_WORDPRESS_SALT :
|
||||
if (strlen($stored_hash) != 34) return PASSWORD_INVALID;
|
||||
$pwHash = $this->crypt_private($pword, $stored_hash, $password_type);
|
||||
if ($pwHash[0] == '*')
|
||||
$pwHash = $this->crypt_private($password, $stored_hash, $password_type);
|
||||
if ($pwHash[0] === '*')
|
||||
{
|
||||
return PASSWORD_INVALID;
|
||||
}
|
||||
@@ -346,19 +346,19 @@ class ExtendedPasswordHandler extends UserHandler
|
||||
|
||||
if (strlen($hash) !== 32)
|
||||
{
|
||||
$pwHash = hash_hmac('sha256',$pword, $salt);
|
||||
$pwHash = hash_hmac('sha256',$password, $salt);
|
||||
}
|
||||
else
|
||||
{
|
||||
e107::getMessage()->addDebug("PHPFusion Md5 Hash Detected ");
|
||||
$pwHash = md5(md5($pword));
|
||||
$pwHash = md5(md5($password));
|
||||
}
|
||||
|
||||
$stored_hash = $hash;
|
||||
break;
|
||||
|
||||
case self::PASSWORD_PLAINTEXT :
|
||||
$pwHash = $pword;
|
||||
$pwHash = $password;
|
||||
break;
|
||||
|
||||
|
||||
@@ -379,7 +379,7 @@ class ExtendedPasswordHandler extends UserHandler
|
||||
password = SHA1(CONCAT(salt, SHA1(CONCAT(salt, SHA1('".$this->db->escape($password)."')))
|
||||
*/
|
||||
//$pwHash = $salt ? md5($salt.$pword) : md5($pword);
|
||||
$pwHash = sha1($salt.sha1($salt.sha1($pword)));
|
||||
$pwHash = sha1($salt.sha1($salt.sha1($password)));
|
||||
$stored_hash = $hash;
|
||||
break;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user