X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Ffunctions.php;h=921cda0aea979a1322e5097f2c3fc18413a9ed07;hb=3fce27f277e3316c33a7e904ef499370c0c95dde;hp=14630ab3b4f7b65fbe13eecabe7ced0c572066ee;hpb=6b011418a22c7974a0a4c56351caef20dcfa5020;p=mailer.git
diff --git a/inc/functions.php b/inc/functions.php
index 14630ab3b4..921cda0aea 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -2074,11 +2074,17 @@ function generateEmailLink ($email, $table = 'admins') {
}
// Generate a hash for extra-security for all passwords
-function generateHash ($plainText, $salt = '') {
+function generateHash ($plainText, $salt = '', $hash = true) {
// Is the required extension 'sql_patches' there and a salt is not given?
if (((isExtensionInstalledAndOlder('sql_patches', '0.3.6')) || (!isExtensionActive('sql_patches')) || (!isExtensionInstalledAndNewer('other', '0.2.5'))) && (empty($salt))) {
// Extension sql_patches is missing/outdated so we hash the plain text with MD5
- return md5($plainText);
+ if ($hash === true) {
+ // Is plain password
+ return md5($plainText);
+ } else {
+ // Is already a hash
+ return $plainText;
+ }
} // END - if
// Do we miss an arry element here?
@@ -2218,35 +2224,37 @@ function generatePassString ($passHash) {
$ret = $passHash;
// Is a secret key and master salt already initialized?
- if ((isExtensionInstalled('sql_patches')) && (isExtensionInstalledAndNewer('other', '0.2.5')) && (isConfigEntrySet('_PRIME')) && (isConfigEntrySet('secret_key')) && (isConfigEntrySet('master_salt'))) {
+ if ((isExtensionInstalled('sql_patches')) && (isConfigEntrySet('_PRIME')) && (isConfigEntrySet('secret_key')) && (isConfigEntrySet('master_salt'))) {
// Only calculate when the secret key is generated
+ if (strlen($passHash) != getConfig('secret_key')) {
+ // Both keys must have same length
+ debug_report_bug('Hash lengths do not match! (' . strlen($passHash) . '!=' . strlen(getConfig('secret_key')) . ')');
+ } // END - if
+
$newHash = ''; $start = 9;
- for ($idx = '0'; $idx < 10; $idx++) {
- $part1 = hexdec(substr($passHash, $start, 4));
- $part2 = hexdec(substr(getConfig('secret_key'), $start, 4));
+ //* DEBUG: */ outputHtml('passHash=' . $passHash . '(' . strlen($passHash) . ')
');
+ for ($idx = 0; $idx < 20; $idx++) {
+ $part1 = hexdec(substr($passHash, ($idx * 2), 2));
+ $part2 = hexdec(substr(getConfig('secret_key'), $start, 2));
+ //* DEBUG: */ outputHtml('part1='.$part1.'/part2='.$part2.'
');
$mod = dechex($idx);
if ($part1 > $part2) {
$mod = dechex(sqrt(($part1 - $part2) * getConfig('_PRIME') / pi()));
} elseif ($part2 > $part1) {
$mod = dechex(sqrt(($part2 - $part1) * getConfig('_PRIME') / pi()));
}
- $mod = substr($mod, 0, 4);
+ $mod = substr($mod, 0, 2);
//* DEBUG: */ outputHtml('part1='.$part1.'/part2='.$part2.'/mod=' . $mod . '('.strlen($mod).')
');
- $mod = str_repeat(0, (4 - strlen($mod))) . $mod;
- //* DEBUG: */ outputHtml('*' . $start . '=' . $mod . '*
');
- $start += 4;
+ $mod = str_repeat(0, (2 - strlen($mod))) . $mod;
+ //* DEBUG: */ outputHtml('mod(' . ($idx * 2) . ')=' . $mod . '*
');
+ $start += 2;
$newHash .= $mod;
} // END - for
- //* DEBUG: */ print($passHash.'
' . $newHash." (".strlen($newHash).')
');
+ //* DEBUG: */ print($passHash . '
' . $newHash . ' (' . strlen($newHash) . ')
');
$ret = generateHash($newHash, getConfig('master_salt'));
- //* DEBUG: */ print('ret='.$ret.'
');
- } else {
- // Hash it simple
- //* DEBUG: */ outputHtml("--" . $passHash."--
");
- $ret = md5($passHash);
- //* DEBUG: */ outputHtml("++" . $ret."++
");
- }
+ //* DEBUG: */ print('ret=' . $ret . '
');
+ } // END - if
// Return result
return $ret;