X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fclasses%2Fmain%2Fcrypto%2Fclass_CryptoHelper.php;h=0456e10dae2e1f8cb3c5a0929f9a1d7e66def337;hb=5bf79580029c4f6ee71e6c9e7890169e4b344def;hp=681ec646b8e44210d6e482c6ba253a08c401bb99;hpb=1cc728fe28f6fe71a8d581a0dc1f2505bb0baa33;p=shipsimu.git
diff --git a/inc/classes/main/crypto/class_CryptoHelper.php b/inc/classes/main/crypto/class_CryptoHelper.php
index 681ec64..0456e10 100644
--- a/inc/classes/main/crypto/class_CryptoHelper.php
+++ b/inc/classes/main/crypto/class_CryptoHelper.php
@@ -4,7 +4,7 @@
  *
  * @author Roland Haeder
  * @version 0.0.0
- * @copyright Copyright(c) 2007, 2008 Roland Haeder, this is free software
+ * @copyright Copyright (c) 2007, 2008 Roland Haeder, this is free software
  * @license GNU GPL 3.0 or any newer version
  * @link http://www.ship-simu.org
  *
@@ -19,7 +19,7 @@
  * GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
+ * along with this program. If not, see .
  */
 class CryptoHelper extends BaseFrameworkSystem implements Cryptable {
  // Exception constants
@@ -50,12 +50,6 @@ class CryptoHelper extends BaseFrameworkSystem implements Cryptable {
  // Call parent constructor
  parent::__construct(__CLASS__);
- // Set part description
- $this->setObjectDescription("Cryptographical helper");
-
- // Create unique ID number
- $this->generateUniqueId();
-
  // Clean up a little
  $this->removeNumberFormaters();
  $this->removeSystemArray();
@@ -125,8 +119,8 @@ class CryptoHelper extends BaseFrameworkSystem implements Cryptable {
  /**
  * Hashes a string with salt and returns the hash. If an old previous hash
  * is supplied the method will use the first X chars of that hash for hashing
- * the password. This is useful if you want to check if the password is
- * identical for authorization purposes.
+ * the password. This is useful if you want to check if password is identical
+ * for authorization purposes.
  *
  * @param $str Unhashed string
  * @param $oldHash A hash from previous hashed string
@@ -136,17 +130,17 @@ class CryptoHelper extends BaseFrameworkSystem implements Cryptable {
  // Cast the string
  $str = (string) $str;
+ // Default is the default salt ;-)
+ $salt = $this->salt;
+
  // Is the old password set?
- if (empty($oldHash)) {
- // No, then use the current salt
- $salt = $this->salt;
- } else {
+ if (!empty($oldHash)) {
  // Use the salt from hash, first get length
  $length = $this->getConfigInstance()->readConfig('salt_length');
  // Then extract the X first characters from the hash as our salt
  $salt = substr($oldHash, 0, $length);
- }
+ } // END - if
  // Hash the password with salt
  //* DEBUG: */ echo "salt=".$salt."/plain=".$str."
\n"; 
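Review bot: The added comment `// Default is the default salt ;-)` does not say which salt is meant or when it is replaced; `// Start with this instance's salt; replaced below by the salt prefix of $oldHash when one is given` would document the verification path. Because the test is `!empty($oldHash)`, an old hash of `"0"` silently falls back to `$this->salt`, and `substr($oldHash, 0, $length)` runs without confirming that `$oldHash` is longer than `salt_length`, so a truncated stored hash produces a short salt instead of an error. The method signature and the hash call itself lie outside this hunk.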
@@ -172,14 +166,53 @@ class CryptoHelper extends BaseFrameworkSystem implements Cryptable {
  $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
  // Get key
- if ($this->getConfigInstance()->readConfig('crypt_fixed_salt') == "Y") {
+ if ($this->getConfigInstance()->readConfig('crypt_fixed_salt') === "Y") {
  $key = md5($this->rngInstance->getFixedSalt());
  } else {
  $key = md5($this->rngInstance->getExtraSalt());
  }
+ // Add some "garbage" to the string
+ switch ($this->rngInstance->randomNumber(0, 8)) {
+ case 0:
+ $garbageString = crc32($this->rngInstance->randomString(10))."|".base64_encode($str)."|".crc32($this->rngInstance->randomString(20));
+ break;
+
+ case 1:
+ $garbageString = crc32($this->rngInstance->randomString(10))."|".base64_encode($str)."|".md5($this->rngInstance->randomString(20));
+ break;
+
+ case 2:
+ $garbageString = crc32($this->rngInstance->randomString(10))."|".base64_encode($str)."|".sha1($this->rngInstance->randomString(20));
+ break;
+
+ case 3:
+ $garbageString = md5($this->rngInstance->randomString(10))."|".base64_encode($str)."|".crc32($this->rngInstance->randomString(20));
+ break;
+
+ case 4:
+ $garbageString = md5($this->rngInstance->randomString(10))."|".base64_encode($str)."|".md5($this->rngInstance->randomString(20));
+ break;
+
+ case 5:
+ $garbageString = md5($this->rngInstance->randomString(10))."|".base64_encode($str)."|".sha1($this->rngInstance->randomString(20));
+ break;
+
+ case 6:
+ $garbageString = sha1($this->rngInstance->randomString(10))."|".base64_encode($str)."|".crc32($this->rngInstance->randomString(20));
+ break;
+
+ case 7:
+ $garbageString = sha1($this->rngInstance->randomString(10))."|".base64_encode($str)."|".md5($this->rngInstance->randomString(20));
+ break;
+
+ case 8:
+ $garbageString = sha1($this->rngInstance->randomString(10))."|".base64_encode($str)."|".sha1($this->rngInstance->randomString(20));
+ break;
+ }
+
  // Encrypt the string
- $encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $str, MCRYPT_MODE_ECB, $iv);
+ $encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $garbageString, MCRYPT_MODE_ECB, $iv);
  // Return the string
  return $encrypted;
@@ -197,14 +230,23 @@ class CryptoHelper extends BaseFrameworkSystem implements Cryptable {
  $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
  // Get key
- if ($this->getConfigInstance()->readConfig('crypt_fixed_salt') == "Y") {
+ if ($this->getConfigInstance()->readConfig('crypt_fixed_salt') === "Y") {
  $key = md5($this->rngInstance->getFixedSalt());
  } else {
  $key = md5($this->rngInstance->getExtraSalt());
  }
- // Encrypt the string
- $str = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $encrypted, MCRYPT_MODE_ECB, $iv);
+ // Decrypt the string
+ $garbageString = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $encrypted, MCRYPT_MODE_ECB, $iv);
+
+ // Get the real string out
+ $strArray = explode("|", $garbageString);
+
+ // Does the element count match?
+ assert(count($strArray) == 3);
+
+ // Decode the string
+ $str = base64_decode($strArray[1]);
  // Trim trailing nulls away
  $str = rtrim($str, "\0");
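Review bot: The new `$garbageString` wrapper in the `@@ -172,14 +166,53 @@` hunk does not compensate for `MCRYPT_MODE_ECB` in the `mcrypt_encrypt()` call: ECB ignores `$iv`, so every 32-byte block is encrypted independently, and once the random prefix has passed (an `md5()` prefix fills exactly one block) the blocks holding `base64_encode($str)` are identical for identical plaintexts under the same key. The result also carries no integrity check, and the key is only `md5()` of a salt. Until the mode is replaced by one that uses `$iv` and the ciphertext is authenticated, this should at least be stated above the switch, e.g. `// NOTE: padding is obfuscation only; ECB ignores $iv and the result is not authenticated`. The `switch` has no `default:` branch, so `$garbageString` stays undefined if `randomNumber(0, 8)` ever returns a value outside 0–8. The method begins above this hunk.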
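Review bot: `assert(count($strArray) == 3);` in the `@@ -197,14 +230,23 @@` hunk is the only validation of the decrypted payload, and assertions can be switched off in production, in which case output from a wrong key or an altered ciphertext reaches `$strArray[1]` unchecked. An explicit check that fails closed would be `if (count($strArray) !== 3) { /* reject: throw or return an error */ }`, followed by `$str = base64_decode($strArray[1], true);` and a test for `false`. The NUL padding added by the block cipher now ends up on the third field, so the `rtrim($str, "\0")` that follows presumably only touches genuine plaintext bytes and may no longer be needed; worth confirming. The method starts and ends outside this hunk.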