alazhar/joomla_test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
alazhar
2020-01-02 22:20:31 +07:00
commit 10eb3340ad
5753 changed files with 631345 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
libraries/joomla/crypt/cipher.php Normal file
View File

@ -0,0 +1,55 @@
<?php
/**
* @package Joomla.Platform
* @subpackage Crypt
*
* @copyright Copyright (C) 2005 - 2011 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE
*/
defined('JPATH_PLATFORM') or die;
/**
* JCrypt cipher interface.
*
* @package Joomla.Platform
* @subpackage Crypt
* @since 12.1
*/
interface JCryptCipher
{
/**
* Method to decrypt a data string.
*
* @param string $data The encrypted string to decrypt.
* @param JCryptKey $key The key[/pair] object to use for decryption.
*
* @return string The decrypted data string.
*
* @since 12.1
*/
public function decrypt($data, JCryptKey $key);
/**
* Method to encrypt a data string.
*
* @param string $data The data string to encrypt.
* @param JCryptKey $key The key[/pair] object to use for encryption.
*
* @return string The encrypted data string.
*
* @since 12.1
*/
public function encrypt($data, JCryptKey $key);
/**
* Method to generate a new encryption key[/pair] object.
*
* @param array $options Key generation options.
*
* @return JCryptKey
*
* @since 12.1
*/
public function generateKey(array $options = array());
}

40
libraries/joomla/crypt/cipher/3des.php Normal file
View File

@ -0,0 +1,40 @@
<?php
/**
* @package Joomla.Platform
* @subpackage Crypt
*
* @copyright Copyright (C) 2005 - 2011 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE
*/
defined('JPATH_PLATFORM') or die;
/**
* JCrypt cipher for Triple DES encryption, decryption and key generation.
*
* @package Joomla.Platform
* @subpackage Crypt
* @since 12.1
*/
class JCryptCipher3DES extends JCryptCipherMcrypt
{
/**
* @var integer The mcrypt cipher constant.
* @see http://www.php.net/manual/en/mcrypt.ciphers.php
* @since 12.1
*/
protected $type = MCRYPT_3DES;
/**
* @var integer The mcrypt block cipher mode.
* @see http://www.php.net/manual/en/mcrypt.constants.php
* @since 12.1
*/
protected $mode = MCRYPT_MODE_CBC;
/**
* @var string The JCrypt key type for validation.
* @since 12.1
*/
protected $keyType = '3des';
}

40
libraries/joomla/crypt/cipher/blowfish.php Normal file
View File

@ -0,0 +1,40 @@
<?php
/**
* @package Joomla.Platform
* @subpackage Crypt
*
* @copyright Copyright (C) 2005 - 2011 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE
*/
defined('JPATH_PLATFORM') or die;
/**
* JCrypt cipher for Blowfish encryption, decryption and key generation.
*
* @package Joomla.Platform
* @subpackage Crypt
* @since 12.1
*/
class JCryptCipherBlowfish extends JCryptCipherMcrypt
{
/**
* @var integer The mcrypt cipher constant.
* @see http://www.php.net/manual/en/mcrypt.ciphers.php
* @since 12.1
*/
protected $type = MCRYPT_BLOWFISH;
/**
* @var integer The mcrypt block cipher mode.
* @see http://www.php.net/manual/en/mcrypt.constants.php
* @since 12.1
*/
protected $mode = MCRYPT_MODE_CBC;
/**
* @var string The JCrypt key type for validation.
* @since 12.1
*/
protected $keyType = 'blowfish';
}

1
libraries/joomla/crypt/cipher/index.html Normal file
View File

@ -0,0 +1 @@
<!DOCTYPE html><title></title>

175
libraries/joomla/crypt/cipher/mcrypt.php Normal file
View File

@ -0,0 +1,175 @@
<?php
/**
* @package Joomla.Platform
* @subpackage Crypt
*
* @copyright Copyright (C) 2005 - 2011 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE
*/
defined('JPATH_PLATFORM') or die;
/**
* JCrypt cipher for mcrypt algorithm encryption, decryption and key generation.
*
* @package Joomla.Platform
* @subpackage Crypt
* @since 12.1
*/
abstract class JCryptCipherMcrypt implements JCryptCipher
{
/**
* @var integer The mcrypt cipher constant.
* @see http://www.php.net/manual/en/mcrypt.ciphers.php
* @since 12.1
*/
protected $type;
/**
* @var integer The mcrypt block cipher mode.
* @see http://www.php.net/manual/en/mcrypt.constants.php
* @since 12.1
*/
protected $mode;
/**
* @var string The JCrypt key type for validation.
* @since 12.1
*/
protected $keyType;
/**
* Constructor.
*
* @since 12.1
* @throws RuntimeException
*/
public function __construct()
{
if (!is_callable('mcrypt_encrypt'))
{
throw new RuntimeException('The mcrypt extension is not available.');
}
}
/**
* Method to decrypt a data string.
*
* @param string $data The encrypted string to decrypt.
* @param JCryptKey $key The key object to use for decryption.
*
* @return string The decrypted data string.
*
* @since 12.1
*/
public function decrypt($data, JCryptKey $key)
{
// Validate key.
if ($key->type != $this->keyType)
{
throw new InvalidArgumentException('Invalid key of type: ' . $key->type . '. Expected ' . $this->keyType . '.');
}
// Decrypt the data.
$decrypted = trim(mcrypt_decrypt($this->type, $key->private, $data, $this->mode, $key->public));
return $decrypted;
}
/**
* Method to encrypt a data string.
*
* @param string $data The data string to encrypt.
* @param JCryptKey $key The key object to use for encryption.
*
* @return string The encrypted data string.
*
* @since 12.1
*/
public function encrypt($data, JCryptKey $key)
{
// Validate key.
if ($key->type != $this->keyType)
{
throw new InvalidArgumentException('Invalid key of type: ' . $key->type . '. Expected ' . $this->keyType . '.');
}
// Encrypt the data.
$encrypted = mcrypt_encrypt($this->type, $key->private, $data, $this->mode, $key->public);
return $encrypted;
}
/**
* Method to generate a new encryption key object.
*
* @param array $options Key generation options.
*
* @return JCryptKey
*
* @since 12.1
*/
public function generateKey(array $options = array())
{
// Create the new encryption key object.
$key = new JCryptKey($this->keyType);
// Generate an initialisation vector based on the algorithm.
$key->public = mcrypt_create_iv(mcrypt_get_iv_size($this->type, $this->mode));
// Get the salt and password setup.
$salt = (isset($options['salt'])) ? $options['salt'] : substr(pack("h*", md5(mt_rand())), 0, 16);
$password = (isset($options['password'])) ? $options['password'] : 'J00ml4R0ck$!';
// Generate the derived key.
$key->private = $this->pbkdf2($password, $salt, mcrypt_get_key_size($this->type, $this->mode));
return $key;
}
/**
* PBKDF2 Implementation for deriving keys.
*
* @param string $p Password
* @param string $s Salt
* @param integer $kl Key length
* @param integer $c Iteration count
* @param string $a Hash algorithm
*
* @return string The derived key.
*
* @see http://en.wikipedia.org/wiki/PBKDF2
* @see http://www.ietf.org/rfc/rfc2898.txt
* @since 12.1
*/
public function pbkdf2($p, $s, $kl, $c = 10000, $a = 'sha256')
{
// Hash length.
$hl = strlen(hash($a, null, true));
// Key blocks to compute.
$kb = ceil($kl / $hl);
// Derived key.
$dk = '';
// Create the key.
for ($block = 1; $block <= $kb; $block++)
{
// Initial hash for this block.
$ib = $b = hash_hmac($a, $s . pack('N', $block), $p, true);
// Perform block iterations.
for ($i = 1; $i < $c; $i++)
{
$ib ^= ($b = hash_hmac($a, $b, $p, true));
}
// Append the iterated block.
$dk .= $ib;
}
// Return derived key of correct length.
return substr($dk, 0, $kl);
}
}

40
libraries/joomla/crypt/cipher/rijndael256.php Normal file
View File

@ -0,0 +1,40 @@
<?php
/**
* @package Joomla.Platform
* @subpackage Crypt
*
* @copyright Copyright (C) 2005 - 2011 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE
*/
defined('JPATH_PLATFORM') or die;
/**
* JCrypt cipher for Rijndael 256 encryption, decryption and key generation.
*
* @package Joomla.Platform
* @subpackage Crypt
* @since 12.1
*/
class JCryptCipherRijndael256 extends JCryptCipherMcrypt
{
/**
* @var integer The mcrypt cipher constant.
* @see http://www.php.net/manual/en/mcrypt.ciphers.php
* @since 12.1
*/
protected $type = MCRYPT_RIJNDAEL_256;
/**
* @var integer The mcrypt block cipher mode.
* @see http://www.php.net/manual/en/mcrypt.constants.php
* @since 12.1
*/
protected $mode = MCRYPT_MODE_CBC;
/**
* @var string The JCrypt key type for validation.
* @since 12.1
*/
protected $keyType = 'rijndael256';
}

284
libraries/joomla/crypt/cipher/simple.php Normal file
View File

@ -0,0 +1,284 @@
<?php
/**
* @package Joomla.Platform
* @subpackage Crypt
*
* @copyright Copyright (C) 2005 - 2011 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE
*/
defined('JPATH_PLATFORM') or die;
/**
* JCrypt cipher for Simple encryption, decryption and key generation.
*
* @package Joomla.Platform
* @subpackage Crypt
* @since 12.1
*/
class JCryptCipherSimple implements JCryptCipher
{
/**
* Method to decrypt a data string.
*
* @param string $data The encrypted string to decrypt.
* @param JCryptKey $key The key[/pair] object to use for decryption.
*
* @return string The decrypted data string.
*
* @since 12.1
* @throws InvalidArgumentException
*/
public function decrypt($data, JCryptKey $key)
{
// Validate key.
if ($key->type != 'simple')
{
throw new InvalidArgumentException('Invalid key of type: ' . $key->type . '. Expected simple.');
}
$decrypted = '';
$tmp = $key->public;
// Convert the HEX input into an array of integers and get the number of characters.
$chars = $this->_hexToIntArray($data);
$charCount = count($chars);
// Repeat the key as many times as necessary to ensure that the key is at least as long as the input.
for ($i = 0; $i < $charCount; $i = strlen($tmp))
{
$tmp = $tmp . $tmp;
}
// Get the XOR values between the ASCII values of the input and key characters for all input offsets.
for ($i = 0; $i < $charCount; $i++)
{
$decrypted .= chr($chars[$i] ^ ord($tmp[$i]));
}
return $decrypted;
}
/**
* Method to encrypt a data string.
*
* @param string $data The data string to encrypt.
* @param JCryptKey $key The key[/pair] object to use for encryption.
*
* @return string The encrypted data string.
*
* @since 12.1
* @throws InvalidArgumentException
*/
public function encrypt($data, JCryptKey $key)
{
// Validate key.
if ($key->type != 'simple')
{
throw new InvalidArgumentException('Invalid key of type: ' . $key->type . '. Expected simple.');
}
$encrypted = '';
$tmp = $key->private;
// Split up the input into a character array and get the number of characters.
$chars = preg_split('//', $data, -1, PREG_SPLIT_NO_EMPTY);
$charCount = count($chars);
// Repeat the key as many times as necessary to ensure that the key is at least as long as the input.
for ($i = 0; $i < $charCount; $i = strlen($tmp))
{
$tmp = $tmp . $tmp;
}
// Get the XOR values between the ASCII values of the input and key characters for all input offsets.
for ($i = 0; $i < $charCount; $i++)
{
$encrypted .= $this->_intToHex(ord($tmp[$i]) ^ ord($chars[$i]));
}
return $encrypted;
}
/**
* Method to generate a new encryption key[/pair] object.
*
* @param array $options Key generation options.
*
* @return JCryptKey
*
* @since 12.1
*/
public function generateKey(array $options = array())
{
// Create the new encryption key[/pair] object.
$key = new JCryptKey('simple');
// Just a random key of a given length.
$key->private = $this->_getRandomKey();
$key->public = $key->private;
return $key;
}
/**
* Method to generate a random key of a given length.
*
* @param integer $length The length of the key to generate.
*
* @return string
*
* @since 12.1
*/
private function _getRandomKey($length = 256)
{
$key = '';
$salt = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
$saltLength = strlen($salt);
// Build the random key.
for ($i = 0; $i < $length; $i++)
{
$key .= $salt[mt_rand(0, $saltLength - 1)];
}
return $key;
}
/**
* Convert hex to an integer
*
* @param string $s The hex string to convert.
* @param integer $i The offset?
*
* @return integer
*
* @since 11.1
*/
private function _hexToInt($s, $i)
{
$j = (int) $i * 2;
$k = 0;
$s1 = (string) $s;
// Get the character at position $j.
$c = substr($s1, $j, 1);
// Get the character at position $j + 1.
$c1 = substr($s1, $j + 1, 1);
switch ($c)
{
case 'A':
$k += 160;
break;
case 'B':
$k += 176;
break;
case 'C':
$k += 192;
break;
case 'D':
$k += 208;
break;
case 'E':
$k += 224;
break;
case 'F':
$k += 240;
break;
case ' ':
$k += 0;
break;
default:
(int) $k = $k + (16 * (int) $c);
break;
}
switch ($c1)
{
case 'A':
$k += 10;
break;
case 'B':
$k += 11;
break;
case 'C':
$k += 12;
break;
case 'D':
$k += 13;
break;
case 'E':
$k += 14;
break;
case 'F':
$k += 15;
break;
case ' ':
$k += 0;
break;
default:
$k += (int) $c1;
break;
}
return $k;
}
/**
* Convert hex to an array of integers
*
* @param string $hex The hex string to convert to an integer array.
*
* @return array An array of integers.
*
* @since 11.1
*/
private function _hexToIntArray($hex)
{
$array = array();
$j = (int) strlen($hex) / 2;
for ($i = 0; $i < $j; $i++)
{
$array[$i] = (int) $this->_hexToInt($hex, $i);
}
return $array;
}
/**
* Convert an integer to a hexadecimal string.
*
* @param integer $i An integer value to convert to a hex string.
*
* @return string
*
* @since 11.1
*/
private function _intToHex($i)
{
// Sanitize the input.
$i = (int) $i;
// Get the first character of the hexadecimal string if there is one.
$j = (int) ($i / 16);
if ($j === 0)
{
$s = ' ';
}
else
{
$s = strtoupper(dechex($j));
}
// Get the second character of the hexadecimal string.
$k = $i - $j * 16;
$s = $s . strtoupper(dechex($k));
return $s;
}
}

252
libraries/joomla/crypt/crypt.php Normal file
View File

@ -0,0 +1,252 @@
<?php
/**
* @package Joomla.Platform
* @subpackage Crypt
*
* @copyright Copyright (C) 2005 - 2011 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE
*/
defined('JPATH_PLATFORM') or die;
/**
* JCrypt is a Joomla Platform class for handling basic encryption/decryption of data.
*
* @package Joomla.Platform
* @subpackage Crypt
* @since 12.1
*/
class JCrypt
{
/**
* @var JCryptCipher The encryption cipher object.
* @since 12.1
*/
private $_cipher;
/**
* @var JCryptKey The encryption key[/pair)].
* @since 12.1
*/
private $_key;
/**
* Object Constructor takes an optional key to be used for encryption/decryption. If no key is given then the
* secret word from the configuration object is used.
*
* @param JCryptCipher $cipher The encryption cipher object.
* @param JCryptKey $key The encryption key[/pair)].
*
* @since 12.1
*/
public function __construct(JCryptCipher $cipher = null, JCryptKey $key = null)
{
// Set the encryption key[/pair)].
$this->_key = $key;
// Set the encryption cipher.
$this->_cipher = isset($cipher) ? $cipher : new JCryptCipherSimple;
}
/**
* Method to decrypt a data string.
*
* @param string $data The encrypted string to decrypt.
*
* @return string The decrypted data string.
*
* @since 12.1
*/
public function decrypt($data)
{
return $this->_cipher->decrypt($data, $this->_key);
}
/**
* Method to encrypt a data string.
*
* @param string $data The data string to encrypt.
*
* @return string The encrypted data string.
*
* @since 12.1
*/
public function encrypt($data)
{
return $this->_cipher->encrypt($data, $this->_key);
}
/**
* Method to generate a new encryption key[/pair] object.
*
* @param array $options Key generation options.
*
* @return JCryptKey
*
* @since 12.1
*/
public function generateKey(array $options = array())
{
return $this->_cipher->generateKey($options);
}
/**
* Method to set the encryption key[/pair] object.
*
* @param JCryptKey $key The key object to set.
*
* @return JCrypt
*
* @since 12.1
*/
public function setKey(JCryptKey $key)
{
$this->_key = $key;
return $this;
}
/**
* Generate random bytes.
*
* @param integer $length Length of the random data to generate
*
* @return string Random binary data
*
* @since 12.1
*/
public static function genRandomBytes($length = 16)
{
$sslStr = '';
/*
* if a secure randomness generator exists and we don't
* have a buggy PHP version use it.
*/
if (function_exists('openssl_random_pseudo_bytes')
&& (version_compare(PHP_VERSION, '5.3.4') >= 0 || IS_WIN))
{
$sslStr = openssl_random_pseudo_bytes($length, $strong);
if ($strong)
{
return $sslStr;
}
}
/*
* Collect any entropy available in the system along with a number
* of time measurements of operating system randomness.
*/
$bitsPerRound = 2;
$maxTimeMicro = 400;
$shaHashLength = 20;
$randomStr = '';
$total = $length;
// Check if we can use /dev/urandom.
$urandom = false;
$handle = null;
// This is PHP 5.3.3 and up
if (function_exists('stream_set_read_buffer') && @is_readable('/dev/urandom'))
{
$handle = @fopen('/dev/urandom', 'rb');
if ($handle)
{
$urandom = true;
}
}
while ($length > strlen($randomStr))
{
$bytes = ($total > $shaHashLength)? $shaHashLength : $total;
$total -= $bytes;
/*
* Collect any entropy available from the PHP system and filesystem.
* If we have ssl data that isn't strong, we use it once.
*/
$entropy = rand() . uniqid(mt_rand(), true) . $sslStr;
$entropy .= implode('', @fstat(fopen(__FILE__, 'r')));
$entropy .= memory_get_usage();
$sslStr = '';
if ($urandom)
{
stream_set_read_buffer($handle, 0);
$entropy .= @fread($handle, $bytes);
}
else
{
/*
* There is no external source of entropy so we repeat calls
* to mt_rand until we are assured there's real randomness in
* the result.
*
* Measure the time that the operations will take on average.
*/
$samples = 3;
$duration = 0;
for ($pass = 0; $pass < $samples; ++$pass)
{
$microStart = microtime(true) * 1000000;
$hash = sha1(mt_rand(), true);
for ($count = 0; $count < 50; ++$count)
{
$hash = sha1($hash, true);
}
$microEnd = microtime(true) * 1000000;
$entropy .= $microStart . $microEnd;
if ($microStart >= $microEnd)
{
$microEnd += 1000000;
}
$duration += $microEnd - $microStart;
}
$duration = $duration / $samples;
/*
* Based on the average time, determine the total rounds so that
* the total running time is bounded to a reasonable number.
*/
$rounds = (int) (($maxTimeMicro / $duration) * 50);
/*
* Take additional measurements. On average we can expect
* at least $bitsPerRound bits of entropy from each measurement.
*/
$iter = $bytes * (int) ceil(8 / $bitsPerRound);
for ($pass = 0; $pass < $iter; ++$pass)
{
$microStart = microtime(true);
$hash = sha1(mt_rand(), true);
for ($count = 0; $count < $rounds; ++$count)
{
$hash = sha1($hash, true);
}
$entropy .= $microStart . microtime(true);
}
}
$randomStr .= sha1($entropy, true);
}
if ($urandom)
{
@fclose($handle);
}
return substr($randomStr, 0, $length);
}
}

1
libraries/joomla/crypt/index.html Normal file
View File

@ -0,0 +1 @@
<!DOCTYPE html><title></title>

80
libraries/joomla/crypt/key.php Normal file
View File

@ -0,0 +1,80 @@
<?php
/**
* @package Joomla.Platform
* @subpackage Crypt
*
* @copyright Copyright (C) 2005 - 2011 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE
*/
defined('JPATH_PLATFORM') or die;
/**
* Encryption key object for the Joomla Platform.
*
* @property-read string $type The key type.
*
* @package Joomla.Platform
* @subpackage Crypt
* @since 12.1
*/
class JCryptKey
{
/**
* @var string The private key.
* @since 12.1
*/
public $private;
/**
* @var string The public key.
* @since 12.1
*/
public $public;
/**
* @var string The key type.
* @since 12.1
*/
protected $type;
/**
* Constructor.
*
* @param string $type The key type.
* @param string $private The private key.
* @param string $public The public key.
*
* @since 12.1
*/
public function __construct($type, $private = null, $public = null)
{
// Set the key type.
$this->type = (string) $type;
// Set the optional public/private key strings.
$this->private = isset($private) ? (string) $private : null;
$this->public = isset($public) ? (string) $public : null;
}
/**
* Magic method to return some protected property values.
*
* @param string $name The name of the property to return.
*
* @return mixed
*
* @since 12.1
*/
public function __get($name)
{
if ($name == 'type')
{
return $this->type;
}
else
{
trigger_error('Cannot access property ' . __CLASS__ . '::' . $name, E_USER_WARNING);
}
}
}

72
libraries/joomla/crypt/password.php Normal file
View File

@ -0,0 +1,72 @@
<?php
/**
* @package Joomla.Platform
* @subpackage Crypt
*
* @copyright Copyright (C) 2005 - 2013 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE
*/
defined('JPATH_PLATFORM') or die;
/**
* Joomla Platform Password Hashing Interface
*
* @package Joomla.Platform
* @subpackage Crypt
* @since 12.2
*/
interface JCryptPassword
{
const BLOWFISH = '$2y$';
const JOOMLA = 'Joomla';
const PBKDF = '$pbkdf$';
const MD5 = '$1$';
/**
* Creates a password hash
*
* @param string $password The password to hash.
* @param string $type The type of hash. This determines the prefix of the hashing function.
*
* @return string The hashed password.
*
* @since 12.2
*/
public function create($password, $type = null);
/**
* Verifies a password hash
*
* @param string $password The password to verify.
* @param string $hash The password hash to check.
*
* @return boolean True if the password is valid, false otherwise.
*
* @since 12.2
*/
public function verify($password, $hash);
/**
* Sets a default prefix
*
* @param string $type The prefix to set as default
*
* @return void
*
* @since 12.3
*/
public function setDefaultType($type);
/**
* Gets the default type
*
* @return void
*
* @since 12.3
*/
public function getDefaultType();
}

1
libraries/joomla/crypt/password/index.html Normal file
View File

@ -0,0 +1 @@
<!DOCTYPE html><title></title>

190
libraries/joomla/crypt/password/simple.php Normal file
View File

@ -0,0 +1,190 @@
<?php
/**
* @package Joomla.Platform
* @subpackage Crypt
*
* @copyright Copyright (C) 2005 - 2013 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE
*/
defined('JPATH_PLATFORM') or die;
/**
* Joomla Platform Password Crypter
*
* @package Joomla.Platform
* @subpackage Crypt
* @since 12.2
*/
class JCryptPasswordSimple implements JCryptPassword
{
/**
* @var integer The cost parameter for hashing algorithms.
* @since 12.2
*/
protected $cost = 10;
/**
* @var string The default hash type
* @since 12.3
*/
protected $defaultType = '$2y$';
/**
* Creates a password hash
*
* @param string $password The password to hash.
* @param string $type The hash type.
*
* @return string The hashed password.
*
* @since 12.2
* @throws InvalidArgumentException
*/
public function create($password, $type = null)
{
if (empty($type))
{
$type = $this->defaultType;
}
switch ($type)
{
case '$2a$':
case JCryptPassword::BLOWFISH:
if (version_compare(PHP_VERSION, '5.3.7') >= 0)
{
$type = '$2y$';
}
else
{
$type = '$2a$';
}
$salt = $type . str_pad($this->cost, 2, '0', STR_PAD_LEFT) . '$' . $this->getSalt(22);
return crypt($password, $salt);
case JCryptPassword::MD5:
$salt = $this->getSalt(12);
$salt = '$1$' . $salt;
return crypt($password, $salt);
case JCryptPassword::JOOMLA:
$salt = $this->getSalt(32);
return md5($password . $salt) . ':' . $salt;
default:
throw new InvalidArgumentException(sprintf('Hash type %s is not supported', $type));
break;
}
}
/**
* Sets the cost parameter for the generated hash for algorithms that use a cost factor.
*
* @param integer $cost The new cost value.
*
* @return void
*
* @since 12.2
*/
public function setCost($cost)
{
$this->cost = $cost;
}
/**
* Generates a salt of specified length. The salt consists of characters in the set [./0-9A-Za-z].
*
* @param integer $length The number of characters to return.
*
* @return string The string of random characters.
*
* @since 12.2
*/
protected function getSalt($length)
{
$bytes = ceil($length * 6 / 8);
$randomData = str_replace('+', '.', base64_encode(JCrypt::genRandomBytes($bytes)));
return substr($randomData, 0, $length);
}
/**
* Verifies a password hash
*
* @param string $password The password to verify.
* @param string $hash The password hash to check.
*
* @return boolean True if the password is valid, false otherwise.
*
* @since 12.2
*/
public function verify($password, $hash)
{
// Check if the hash is a blowfish hash.
if (substr($hash, 0, 4) == '$2a$' || substr($hash, 0, 4) == '$2y$')
{
if (version_compare(PHP_VERSION, '5.3.7') >= 0)
{
$type = '$2y$';
}
else
{
$type = '$2a$';
}
$hash = $type . substr($hash, 4);
return (crypt($password, $hash) === $hash);
}
// Check if the hash is an MD5 hash.
if (substr($hash, 0, 3) == '$1$')
{
return (crypt($password, $hash) === $hash);
}
// Check if the hash is a Joomla hash.
if (preg_match('#[a-z0-9]{32}:[A-Za-z0-9]{32}#', $hash) === 1)
{
return md5($password . substr($hash, 33)) == substr($hash, 0, 32);
}
return false;
}
/**
* Sets a default type
*
* @param string $type The value to set as default.
*
* @return void
*
* @since 12.3
*/
public function setDefaultType($type)
{
if (!empty($type))
{
$this->defaultType = $type;
}
}
/**
* Gets the default type
*
* @return string $type The default type
*
* @since 12.3
*/
public function getDefaultType()
{
return $this->defaultType;
}
}