mirror of
https://github.com/silverstripe/silverstripe-comments
synced 2024-10-22 11:05:49 +02:00
commit
832fc8685a
@ -798,9 +798,7 @@ class Comment_SecurityToken {
|
|||||||
* @return string
|
* @return string
|
||||||
*/
|
*/
|
||||||
protected function getToken($salt) {
|
protected function getToken($salt) {
|
||||||
return function_exists('hash_pbkdf2')
|
return hash_pbkdf2('sha256', $this->secret, $salt, 1000, 30);
|
||||||
? hash_pbkdf2('sha256', $this->secret, $salt, 1000, 30)
|
|
||||||
: $this->hash_pbkdf2('sha256', $this->secret, $salt, 100, 30);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -872,41 +870,4 @@ class Comment_SecurityToken {
|
|||||||
if($length !== null) return substr($result, 0, $length);
|
if($length !== null) return substr($result, 0, $length);
|
||||||
return $result;
|
return $result;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*-----------------------------------------------------------
|
|
||||||
* PBKDF2 Implementation (described in RFC 2898) from php.net
|
|
||||||
*-----------------------------------------------------------
|
|
||||||
* @param string a hash algorithm
|
|
||||||
* @param string p password
|
|
||||||
* @param string s salt
|
|
||||||
* @param int c iteration count (use 1000 or higher)
|
|
||||||
* @param int kl derived key length
|
|
||||||
* @param int st start position of result
|
|
||||||
*
|
|
||||||
* @return string derived key
|
|
||||||
*/
|
|
||||||
private function hash_pbkdf2($a, $p, $s, $c, $kl, $st = 0) {
|
|
||||||
|
|
||||||
$kb = $st + $kl; // Key blocks to compute
|
|
||||||
$dk = ''; // Derived key
|
|
||||||
|
|
||||||
// Create key
|
|
||||||
for($block = 1; $block <= $kb; $block++) {
|
|
||||||
|
|
||||||
// Initial hash for this block
|
|
||||||
$ib = $h = hash_hmac($a, $s . pack('N', $block), $p, true);
|
|
||||||
|
|
||||||
// Perform block iterations
|
|
||||||
for($i = 1; $i < $c; $i++) {
|
|
||||||
// XOR each iterate
|
|
||||||
$ib ^= ($h = hash_hmac($a, $h, $p, true));
|
|
||||||
}
|
|
||||||
|
|
||||||
$dk .= $ib; // Append iterated block
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
// Return derived key of correct length
|
|
||||||
return substr($dk, $st, $kl);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
@ -8,6 +8,7 @@
|
|||||||
"email": "will@fullscreen.io"
|
"email": "will@fullscreen.io"
|
||||||
}],
|
}],
|
||||||
"require": {
|
"require": {
|
||||||
|
"assertchris/hash-compat": "~1.0",
|
||||||
"silverstripe/framework": "~3.1",
|
"silverstripe/framework": "~3.1",
|
||||||
"colymba/gridfield-bulk-editing-tools": "~2.1"
|
"colymba/gridfield-bulk-editing-tools": "~2.1"
|
||||||
},
|
},
|
||||||
|
Loading…
Reference in New Issue
Block a user