mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-06-28 15:39:40 +02:00
Merge pull request #411 from ajoneil/blowfish
MINOR: Fix coding conventions
This commit is contained in:
Ingo Schommer
commit
15e8e10f5e
|
|
@ -150,74 +150,74 @@ class PasswordEncryptor_Blowfish extends PasswordEncryptor {
|
|||
// See: http://nz.php.net/security/crypt_blowfish.php
|
||||
// There are three version of the algorithm - y, a and x, in order
|
||||
// of decreasing security. Attempt to use the strongest version.
|
||||
$encrypted_password = $this->encrypt_y($password, $salt);
|
||||
if(!$encrypted_password) {
|
||||
$encrypted_password = $this->encrypt_a($password, $salt);
|
||||
$encryptedPassword = $this->encryptY($password, $salt);
|
||||
if(!$encryptedPassword) {
|
||||
$encryptedPassword = $this->encryptA($password, $salt);
|
||||
}
|
||||
if(!$encrypted_password) {
|
||||
$encrypted_password = $this->encrypt_x($password, $salt);
|
||||
if(!$encryptedPassword) {
|
||||
$encryptedPassword = $this->encryptX($password, $salt);
|
||||
}
|
||||
|
||||
// We *never* want to generate blank passwords. If something
|
||||
// goes wrong, throw an exception.
|
||||
if(strpos($encrypted_password, '$2') === false) {
|
||||
if(strpos($encryptedPassword, '$2') === false) {
|
||||
throw new PasswordEncryptor_EncryptionFailed('Blowfish password encryption failed.');
|
||||
}
|
||||
|
||||
return $encrypted_password;
|
||||
return $encryptedPassword;
|
||||
}
|
||||
|
||||
function encrypt_x($password, $salt) {
|
||||
$method_and_salt = '$2x$' . $salt;
|
||||
$encrypted_password = crypt($password, $method_and_salt);
|
||||
function encryptX($password, $salt) {
|
||||
$methodAndSalt = '$2x$' . $salt;
|
||||
$encryptedPassword = crypt($password, $methodAndSalt);
|
||||
|
||||
if(strpos($encrypted_password, '$2x$') === 0) {
|
||||
return $encrypted_password;
|
||||
if(strpos($encryptedPassword, '$2x$') === 0) {
|
||||
return $encryptedPassword;
|
||||
}
|
||||
|
||||
// Check if system a is actually x, and if available, use that.
|
||||
if($this->what_is_a() == 'x') {
|
||||
$method_and_salt = '$2a$' . $salt;
|
||||
$encrypted_password = crypt($password, $method_and_salt);
|
||||
if($this->checkAEncryptionLevel() == 'x') {
|
||||
$methodAndSalt = '$2a$' . $salt;
|
||||
$encryptedPassword = crypt($password, $methodAndSalt);
|
||||
|
||||
if(strpos($encrypted_password, '$2a$') === 0) {
|
||||
$encrypted_password = '$2x$' . substr($encrypted_password, strlen('$2a$'));
|
||||
return $encrypted_password;
|
||||
if(strpos($encryptedPassword, '$2a$') === 0) {
|
||||
$encryptedPassword = '$2x$' . substr($encryptedPassword, strlen('$2a$'));
|
||||
return $encryptedPassword;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
function encrypt_y($password, $salt) {
|
||||
$method_and_salt = '$2y$' . $salt;
|
||||
$encrypted_password = crypt($password, $method_and_salt);
|
||||
function encryptY($password, $salt) {
|
||||
$methodAndSalt = '$2y$' . $salt;
|
||||
$encryptedPassword = crypt($password, $methodAndSalt);
|
||||
|
||||
if(strpos($encrypted_password, '$2y$') === 0) {
|
||||
return $encrypted_password;
|
||||
if(strpos($encryptedPassword, '$2y$') === 0) {
|
||||
return $encryptedPassword;
|
||||
}
|
||||
|
||||
// Check if system a is actually y, and if available, use that.
|
||||
if($this->what_is_a() == 'y') {
|
||||
$method_and_salt = '$2a$' . $salt;
|
||||
$encrypted_password = crypt($password, $method_and_salt);
|
||||
if($this->checkAEncryptionLevel() == 'y') {
|
||||
$methodAndSalt = '$2a$' . $salt;
|
||||
$encryptedPassword = crypt($password, $methodAndSalt);
|
||||
|
||||
if(strpos($encrypted_password, '$2a$') === 0) {
|
||||
$encrypted_password = '$2y$' . substr($encrypted_password, strlen('$2a$'));
|
||||
return $encrypted_password;
|
||||
if(strpos($encryptedPassword, '$2a$') === 0) {
|
||||
$encryptedPassword = '$2y$' . substr($encryptedPassword, strlen('$2a$'));
|
||||
return $encryptedPassword;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
function encrypt_a($password, $salt) {
|
||||
if($this->what_is_a() == 'a') {
|
||||
$method_and_salt = '$2a$' . $salt;
|
||||
$encrypted_password = crypt($password, $method_and_salt);
|
||||
function encryptA($password, $salt) {
|
||||
if($this->checkAEncryptionLevel() == 'a') {
|
||||
$methodAndSalt = '$2a$' . $salt;
|
||||
$encryptedPassword = crypt($password, $methodAndSalt);
|
||||
|
||||
if(strpos($encrypted_password, '$2a$') === 0) {
|
||||
return $encrypted_password;
|
||||
if(strpos($encryptedPassword, '$2a$') === 0) {
|
||||
return $encryptedPassword;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -230,16 +230,16 @@ class PasswordEncryptor_Blowfish extends PasswordEncryptor {
|
|||
* version, depending on the version of PHP and the operating system,
|
||||
* so we need to test it.
|
||||
*/
|
||||
function what_is_a() {
|
||||
function checkAEncryptionLevel() {
|
||||
// Test hashes taken from http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/glibc/crypt_blowfish/wrapper.c?rev=1.9.2.1;content-type=text%2Fplain
|
||||
$x_or_y = crypt("\xff\xa334\xff\xff\xff\xa3345", '$2a$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi') == '$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi';
|
||||
$y_or_a = crypt("\xa3", '$2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq') == '$2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq';
|
||||
$xOrY = crypt("\xff\xa334\xff\xff\xff\xa3345", '$2a$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi') == '$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi';
|
||||
$yOrA = crypt("\xa3", '$2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq') == '$2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq';
|
||||
|
||||
if($x_or_y && $y_or_a) {
|
||||
if($xOrY && $yOrA) {
|
||||
return 'y';
|
||||
} elseif($x_or_y) {
|
||||
} elseif($xOrY) {
|
||||
return 'x';
|
||||
} elseif($y_or_a) {
|
||||
} elseif($yOrA) {
|
||||
return 'a';
|
||||
}
|
||||
|
||||
|
|
@ -253,11 +253,11 @@ class PasswordEncryptor_Blowfish extends PasswordEncryptor {
|
|||
|
||||
function check($hash, $password, $salt = null, $member = null) {
|
||||
if(strpos($hash, '$2y$') === 0) {
|
||||
return $hash === $this->encrypt_y($password, $salt);
|
||||
return $hash === $this->encryptY($password, $salt);
|
||||
} elseif(strpos($hash, '$2a$') === 0) {
|
||||
return $hash === $this->encrypt_a($password, $salt);
|
||||
return $hash === $this->encryptA($password, $salt);
|
||||
} elseif(strpos($hash, '$2x$') === 0) {
|
||||
return $hash === $this->encrypt_x($password, $salt);
|
||||
return $hash === $this->encryptX($password, $salt);
|
||||
}
|
||||
|
||||
return false;
|
||||
|
|
|
|||
|
|
@ -67,7 +67,7 @@ class PasswordEncryptorTest extends SapphireTest {
|
|||
$password = 'mypassword';
|
||||
$salt = '10$mysaltmustbetwen2chars';
|
||||
|
||||
$this->assertTrue($e->what_is_a() == 'y' || $e->what_is_a() == 'x' || $e->what_is_a() == 'a');
|
||||
$this->assertTrue($e->checkAEncryptionLevel() == 'y' || $e->checkAEncryptionLevel() == 'x' || $e->checkAEncryptionLevel() == 'a');
|
||||
$this->assertTrue($e->check($e->encrypt($password, $salt), "mypassword", $salt));
|
||||
$this->assertFalse($e->check($e->encrypt($password, $salt), "anotherpw", $salt));
|
||||
$this->assertFalse($e->check($e->encrypt($password, $salt), "mypassword", '10$anothersaltetwen2chars'));
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user