Support for cluster added to RNG, hashPassword() finished for better hashes
authorRoland Häder <roland@mxchange.org>
Sun, 8 Jun 2008 13:41:20 +0000 (13:41 +0000)
committerRoland Häder <roland@mxchange.org>
Sun, 8 Jun 2008 13:41:20 +0000 (13:41 +0000)
application/ship-simu/main/registration/class_ShipSimuRegistration.php
inc/classes/main/crypto/class_CryptoHelper.php
inc/classes/main/rng/class_RandomNumberGenerator.php
inc/config.php

index ff3a45a34a798b39f8d22e3bd582b671b43de3ed..a6639c5688f00013960e4a98054fc32b9c279b7c 100644 (file)
@@ -67,8 +67,12 @@ class ShipSimuRegistration extends BaseRegistration {
                // Check if the password is found in the request
                if ($this->getRequestInstance()->isRequestElementSet($requestKey)) {
                        // So encrypt the password and store it for later usage in
-                       // the request
-                       $this->hashedPassword = ObjectFactory::createObjectByConfiguredName('crypto_heler')->hashPassword($this->getRequestInstance()->getRequestElement($requestKey));
+                       // the request:
+                       // 1.: Get the plain password
+                       $plainPassword = $this->getRequestInstance()->getRequestElement($requestKey);
+                       // 2. Get a crypto helper and hash the password
+                       $this->hashedPassword = ObjectFactory::createObjectByConfiguredName('crypto_heler')->hashPassword($plainPassword);
+                       // 3. Store the hash back in the request
                        $this->getRequestInstance()->setRequestElement('pass_hash', $this->hashedPassword);
                }
        }
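Review bot: The configured-name key passed to createObjectByConfiguredName on the step-2 line is `'crypto_heler'`, which looks like a misspelling of `crypto_helper`; the removed line carried the same spelling, but since this commit rewrites the statement it is the place to fix it, assuming the entry in inc/config.php is registered under the correctly spelled name (not visible in this hunk). A second point: after step 3 the plain password is still present in the request under `$requestKey` next to `pass_hash`, so anything that later logs or serializes the request instance carries the plaintext along with the hash; if the request class offers a way to unset an element, clearing it right after hashing would shorten that exposure. A comment for step 3 that makes this visible: `// 3. Store the hash back in the request (the plain element is still set under $requestKey)`.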
index 5652b89f07e3e48e240d369c3bb8aecba46b8b1a..d23645272f79cdb47b41cf32ea342fec6f15864e 100644 (file)
@@ -115,7 +115,41 @@ class CryptoHelper extends BaseFrameworkSystem {
                $length = $this->getConfigInstance()->readConfig('salt_length');
 
                // Keep only defined number of characters
-               $this->salt = substr($randomString, -$length, $length);
+               $this->salt = substr(sha1($randomString), -$length, $length);
+       }
+
+       /**
+        * Hashes a password with salt and returns the hash. If an old previous hash
+        * is supplied the method will use the first X chars of that hash for hashing
+        * the password. This is useful if you want to check if the password is
+        * identical for authorization purposes.
+        *
+        * @param       $plainPassword  The plain password to use
+        * @param       $oldHash                A previously hashed password
+        * @return      $hashed                 The hashed and salted password
+        */
+       public function hashPassword ($plainPassword, $oldHash = "") {
+               // Is the old password set?
+               if (empty($oldHash)) {
+                       // No, then use the current salt
+                       $salt = $this->salt;
+               } else {
+                       // Use the salt from hash, first get length
+                       $length = $this->getConfigInstance()->readConfig('salt_length');
+
+                       // Then extract the X first characters from the hash as our salt
+                       $salt = substr($oldHash, 0, $length);
+               }
+
+               // Hash the password with salt
+               $hashed = $salt . md5(sprintf($this->getConfigInstance()->readConfig('hash_mask'),
+                       $salt,
+                       $this->rngInstance->getExtraSalt(),
+                       $plainPassword
+               ));
+
+               // And return it
+               return $hashed;
        }
 }
 
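Review bot: hashPassword derives the stored value from a single unkeyed `md5()` over the sprintf'd mask; md5 is a fast digest, so with the salt stored in clear as the prefix an offline guess of each password costs one md5 call. At minimum use a stronger digest available through ext/hash, e.g. `$hashed = $salt . hash('sha256', sprintf($this->getConfigInstance()->readConfig('hash_mask'), $salt, $this->rngInstance->getExtraSalt(), $plainPassword));` — the `substr($oldHash, 0, $length)` salt recovery keeps working because the prefix layout is unchanged — and prefer an iterated scheme (`password_hash()` on PHP 5.5+) where the runtime allows. Related: the salt on the first changed line is `substr(sha1($randomString), -$length, $length)`, i.e. salt_length hex digits, which with `salt_length` = 10 (from inc/config.php) is 40 bits drawn from a 16-symbol alphabet; keeping more of the original random string, or base64 of raw random bytes, yields far more salt entropy per character. Also `empty($oldHash)` treats the string `"0"` as absent, so `$oldHash === ''` is the precise test. The docblock should state the returned layout, since callers depend on it: `@return $hashed The salt (salt_length chars) followed by the hex digest`.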
index a8063c6fc234e22b00a037a2daf1e8aae9a8e9ff..dded7e0b40613c6ec7851484bbb4aa2869d65fa4 100644 (file)
@@ -85,6 +85,9 @@ class RandomNumberGenerator extends BaseFrameworkSystem {
         * @return      void
         */
        protected function initRng () {
+               // Seed mt_rand()
+               mt_srand((double) microtime() * 1000000);
+
                // Get the prime number from config
                $this->prime = $this->getConfigInstance()->readConfig('math_prime');
 
@@ -92,9 +95,17 @@ class RandomNumberGenerator extends BaseFrameworkSystem {
                // a better prime number
                $this->extraNumber = ($this->prime * $this->prime / (pi() ^ 2));
 
+               // Set the server IP to cluster
+               $serverIp = "cluster";
+               // Do we have a single server?
+               if ($this->getConfigInstance()->readConfig('is_single_server') == "Y") {
+                       // Then use that IP for extra security
+                       $serverIp = getenv('SERVER_ADDR');
+               }
+
                // One-way data we need for "extra-salting" the random number
                // @TODO Add site for stronger salt!
-               $this->extraSalt = sha1(getenv('SERVER_ADDR') . ":" . getenv('SERVER_SOFTWARE') . ":" . $this->getConfigInstance()->readConfig('date_key') . ":" . serialize($this->getDatabaseInstance()->getConnectionData()));
+               $this->extraSalt = sha1($serverIp . ":" . getenv('SERVER_SOFTWARE') . ":" . $this->getConfigInstance()->readConfig('date_key') . ":" . serialize($this->getDatabaseInstance()->getConnectionData()));
 
                // Get config entry for max salt length
                $this->rndStrLen = $this->getConfigInstance()->readConfig('rnd_str_length');
@@ -134,6 +145,15 @@ class RandomNumberGenerator extends BaseFrameworkSystem {
                // @TODO I had a better random number generator here
                return mt_rand($min, $max);
        }
+
+       /**
+        * Getter for extra salt
+        *
+        * @return      $extraSalt
+        */
+       public final function getExtraSalt () {
+               return $this->extraSalt;
+       }
 }
 
 // [EOF]
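Review bot: The `mt_srand((double) microtime() * 1000000)` seeding added at the top of initRng weakens the generator rather than strengthening it: microtime() returns the string `"0.frac sec"`, the cast keeps only the fractional part, so the seed space is about 10^6 values tied to the sub-second clock, and PHP has auto-seeded mt_rand since 4.2.0 — the line should simply be dropped (and `mt_rand` remains unsuitable as a source for salts; read /dev/urandom or, on newer PHP, `random_bytes()` instead). In the second hunk, `$this->extraSalt` now fingerprints SERVER_SOFTWARE, date_key, the serialized DB connection data and, with is_single_server set, SERVER_ADDR; because CryptoHelper::hashPassword mixes getExtraSalt() into every password hash, a web-server upgrade, an IP move, or flipping is_single_server silently invalidates all stored password hashes with no migration path. A dedicated secret configuration value would give the same peppering effect without tying verification to the host environment; also `getenv('SERVER_ADDR')` returns `false` when unset, so the value should be checked before use, and the `== "Y"` comparison should be `=== 'Y'`. For the new getter, PER-CS ordering is `final public function getExtraSalt ()`, and its docblock could say what the value is: `@return $extraSalt sha1 hex fingerprint computed in initRng()`.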
index eabfde19f25f473b4d7edba0365e933d35bf89c8..4abf5abb02a027efe5fd79b9db06f6faeb56271a 100644 (file)
@@ -195,5 +195,11 @@ $cfg->setConfigEntry('salt_length', 10);
 // CFG: RND-STR-LENGTH
 $cfg->setConfigEntry('rnd_str_length', 128);
 
+// CFG: HASH-MASK
+$cfg->setConfigEntry('hash_mask', "%1s:%2s:%3s"); // 1=salt, 2=extra salt, 3=plain password
+
+// CFG: IS-SINGLE-SERVER
+$cfg->setConfigEntry('is_single_server', "Y");
+
 // [EOF]
 ?>
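Review bot: The new `hash_mask` value `"%1s:%2s:%3s"` does not do what its trailing comment claims: in sprintf a bare digit before the conversion is a minimum width, not an argument index (that is `%1$s`), so `%1s`, `%2s`, `%3s` consume the arguments in call order and merely pad them to widths 1, 2 and 3. It works today only because CryptoHelper::hashPassword passes salt, extra salt and password in exactly that order; anyone editing the mask to reorder the fields will get a silently different hash. Either write positional specifiers in single quotes so `$s` is not interpolated, `$cfg->setConfigEntry('hash_mask', '%1$s:%2$s:%3$s'); // 1=salt, 2=extra salt, 3=plain password`, or use plain `"%s:%s:%s"` and drop the numbering from the comment. A note next to the entry that changing the mask invalidates every existing password hash would also be worth adding.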