/trunk/includes/classes/OIDplusAuthUtils.class.php |
---|
210,21 → 210,18 |
} |
foreach ($passwordDataArray as $passwordData) { |
if (strpos($passwordData, '$') !== false) { |
if ($passwordData[0] == '$') { |
// Version 3: BCrypt |
if (password_verify($password, $passwordData)) return true; |
} else { |
if (str_starts_with($passwordData, '$')) { |
// Version 3: BCrypt (or any other crypt) |
$ok = password_verify($password, $passwordData); |
} else if (strpos($passwordData, '$') !== false) { |
// Version 2: SHA3-512 with salt |
list($s_salt, $hash) = explode('$', $passwordData, 2); |
} |
list($salt, $hash) = explode('$', $passwordData, 2); |
$ok = hash_equals(sha3_512($salt.$password, true), base64_decode($hash)); |
} else { |
// Version 1: SHA3-512 without salt |
$s_salt = ''; |
$hash = $passwordData; |
$ok = hash_equals(sha3_512($password, true), base64_decode($passwordData)); |
} |
if (hash_equals(sha3_512($s_salt.$password, true), base64_decode($hash))) return true; |
if ($ok) return true; |
} |
return false; |
359,4 → 356,3 |
/* Nothing here; the admin password will be generated in setup_base.js , purely in the web-browser */ |
} |
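Review bot: In the 210 hunk, the Version 2 and Version 1 branches still accept a single-pass SHA3-512 digest (unsalted in Version 1), and because all three formats now fold into `$ok`, a successful login gives no signal that it matched a legacy fast hash. A fast digest like this is cheap to test guesses against if the stored value ever leaks, so these entries should be phased out rather than stay silently valid. I would at least mark both branches with `// Legacy format: single-pass SHA3-512, kept for verification only; regenerate as bcrypt`, and log a warning when one of them matches if the caller has a logging facility (not visible here). Separately, the Version 3 branch hands any `$`-prefixed string to `password_verify()`, which accepts every crypt() format and not only bcrypt; if weaker crypt schemes should be refused, check `password_get_info($passwordData)['algo']` first. The enclosing function starts above the hunk, so how `$passwordDataArray` is populated cannot be judged from here.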
/trunk/plugins/viathinksoft/auth/A5_vts_mcf/OIDplusAuthPluginVtsMcf.class.php |
---|
36,30 → 36,15 |
} |
public function generate($password): OIDplusRAAuthInfo { |
$hashalgo = 'sha3-512'; // we can safely use it, because we have a pure-PHP implementation shipped with OIDplus |
$salt = random_bytes_ex(50, true, true); |
if (function_exists('sha3_512_hmac')) { |
$calc_authkey = vts_password_hash($password, PASSWORD_VTS_MCF1, array( |
'algo' => $hashalgo, |
'algo' => 'sha3-512', // we can safely use it, because we have a pure-PHP implementation shipped with OIDplus |
'mode' => 'hmac' |
)); |
} else if (function_exists('sha3_512')) { |
$calc_authkey = vts_password_hash($password, PASSWORD_VTS_MCF1, array( |
'algo' => $hashalgo, |
'mode' => 'ps' // 'ps' means Password+Salt concatenated |
)); |
} else { |
$calc_authkey = ''; // avoid PHPstan warning |
assert(false); |
} |
return new OIDplusRAAuthInfo($calc_authkey); |
} |
public function availableForHash(&$reason): bool { |
return function_exists('vts_password_hash') && (function_exists('sha3_512_hmac') || function_exists('sha3_512')); |
return function_exists('vts_password_hash'); |
} |
public function availableForVerify(&$reason): bool { |