mirror of
https://github.com/Pathduck/gallery3.git
synced 2026-05-20 11:29:24 -04:00
84 lines
2.8 KiB
PHP
84 lines
2.8 KiB
PHP
<?php defined("SYSPATH") or die("No direct script access.");
|
|
/**
|
|
* Gallery - a web based photo album viewer and editor
|
|
* Copyright (C) 2000-2008 Bharat Mediratta
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or (at
|
|
* your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
|
|
*/
|
|
class user_password {
|
|
|
|
/**
|
|
* Is the password provided correct?
|
|
*
|
|
* @param user User Model
|
|
* @param string $password a plaintext password
|
|
* @return boolean true if the password is correct
|
|
*/
|
|
public static function is_correct_password($user, $password) {
|
|
$valid = $user->password;
|
|
|
|
$salt = substr($valid, 0, 4);
|
|
/* Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes: */
|
|
$guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password));
|
|
if (!strcmp($guess, $valid)) {
|
|
return true;
|
|
}
|
|
|
|
/* Passwords with <&"> created by G2 prior to 2.1 were hashed with entities */
|
|
$sanitizedPassword = html::specialchars($password, false);
|
|
$guess = (strlen($valid) == 32) ? md5($sanitizedPassword)
|
|
: ($salt . md5($salt . $sanitizedPassword));
|
|
if (!strcmp($guess, $valid)) {
|
|
return true;
|
|
}
|
|
|
|
/* Also support hashes generated by phpass for interoperability with other applications */
|
|
if (strlen($valid) == 34) {
|
|
$hashGenerator = new PasswordHash(10, true);
|
|
return $hashGenerator->CheckPassword($password, $valid);
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Create the hashed passwords.
|
|
* @param string $password a plaintext password
|
|
* @return string hashed password
|
|
*/
|
|
public static function hash_password($password) {
|
|
return user_password::_md5Salt($password);
|
|
}
|
|
|
|
/**
|
|
* Create a hashed password using md5 plus salt.
|
|
* @param string $password plaintext password
|
|
* @param string $salt (optional) salt or hash containing salt (randomly generated if omitted)
|
|
* @return string hashed password
|
|
*/
|
|
private static function _md5Salt($password, $salt='') {
|
|
if (empty($salt)) {
|
|
for ($i = 0; $i < 4; $i++) {
|
|
$char = mt_rand(48, 109);
|
|
$char += ($char > 90) ? 13 : ($char > 57) ? 7 : 0;
|
|
$salt .= chr($char);
|
|
}
|
|
} else {
|
|
$salt = substr($salt, 0, 4);
|
|
}
|
|
return $salt . md5($salt . $password);
|
|
}
|
|
}
|