*
* @author Roland Haeder <webmaster@ship-simu.org>
* @version 0.0.0
- * @copyright Copyright(c) 2007, 2008 Roland Haeder, this is free software
+ * @copyright Copyright (c) 2007, 2008 Roland Haeder, this is free software
* @license GNU GPL 3.0 or any newer version
* @link http://www.ship-simu.org
*
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
class CryptoHelper extends BaseFrameworkSystem implements Cryptable {
// Exception constants
// Call parent constructor
parent::__construct(__CLASS__);
- // Set part description
- $this->setObjectDescription("Cryptographical helper");
-
- // Create unique ID number
- $this->generateUniqueId();
-
// Clean up a little
$this->removeNumberFormaters();
$this->removeSystemArray();
/**
* Hashes a string with salt and returns the hash. If an old previous hash
* is supplied the method will use the first X chars of that hash for hashing
- * the password. This is useful if you want to check if the password is
- * identical for authorization purposes.
+ * the password. This is useful if you want to check if password is identical
+ * for authorization purposes.
*
* @param $str Unhashed string
* @param $oldHash A hash from previous hashed string
// Cast the string
$str = (string) $str;
+ // Default is the default salt ;-)
+ $salt = $this->salt;
+
// Is the old password set?
- if (empty($oldHash)) {
- // No, then use the current salt
- $salt = $this->salt;
- } else {
+ if (!empty($oldHash)) {
// Use the salt from hash, first get length
$length = $this->getConfigInstance()->readConfig('salt_length');
// Then extract the X first characters from the hash as our salt
$salt = substr($oldHash, 0, $length);
- }
+ } // END - if
// Hash the password with salt
//* DEBUG: */ echo "salt=".$salt."/plain=".$str."<br />\n";
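Review bot: The commented-out debug statement on the last line of this hunk (`echo "salt=".$salt."/plain=".$str`) would write the salt and the unhashed password into the response if it were ever re-enabled. It is worth deleting while this block is being reworked. The new comment `// Default is the default salt ;-)` also says nothing about intent; `// Start with the instance salt; replaced below when an old hash carries its own` would. The method begins and ends outside this hunk.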
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
// Get key
- if ($this->getConfigInstance()->readConfig('crypt_fixed_salt') == "Y") {
+ if ($this->getConfigInstance()->readConfig('crypt_fixed_salt') === "Y") {
$key = md5($this->rngInstance->getFixedSalt());
} else {
$key = md5($this->rngInstance->getExtraSalt());
}
+ // Add some "garbage" to the string
+ switch ($this->rngInstance->randomNumber(0, 8)) {
+ case 0:
+ $garbageString = crc32($this->rngInstance->randomString(10))."|".base64_encode($str)."|".crc32($this->rngInstance->randomString(20));
+ break;
+
+ case 1:
+ $garbageString = crc32($this->rngInstance->randomString(10))."|".base64_encode($str)."|".md5($this->rngInstance->randomString(20));
+ break;
+
+ case 2:
+ $garbageString = crc32($this->rngInstance->randomString(10))."|".base64_encode($str)."|".sha1($this->rngInstance->randomString(20));
+ break;
+
+ case 3:
+ $garbageString = md5($this->rngInstance->randomString(10))."|".base64_encode($str)."|".crc32($this->rngInstance->randomString(20));
+ break;
+
+ case 4:
+ $garbageString = md5($this->rngInstance->randomString(10))."|".base64_encode($str)."|".md5($this->rngInstance->randomString(20));
+ break;
+
+ case 5:
+ $garbageString = md5($this->rngInstance->randomString(10))."|".base64_encode($str)."|".sha1($this->rngInstance->randomString(20));
+ break;
+
+ case 6:
+ $garbageString = sha1($this->rngInstance->randomString(10))."|".base64_encode($str)."|".crc32($this->rngInstance->randomString(20));
+ break;
+
+ case 7:
+ $garbageString = sha1($this->rngInstance->randomString(10))."|".base64_encode($str)."|".md5($this->rngInstance->randomString(20));
+ break;
+
+ case 8:
+ $garbageString = sha1($this->rngInstance->randomString(10))."|".base64_encode($str)."|".sha1($this->rngInstance->randomString(20));
+ break;
+ }
+
// Encrypt the string
- $encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $str, MCRYPT_MODE_ECB, $iv);
+ $encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $garbageString, MCRYPT_MODE_ECB, $iv);
// Return the string
return $encrypted;
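Review bot: Wrapping `base64_encode($str)` in random hash strings does not make the `MCRYPT_MODE_ECB` call on the `mcrypt_encrypt` line safe: ECB ignores `$iv` and encrypts every block independently, and in cases 3–5 the 32-character `md5()` prefix fills exactly one 32-byte Rijndael-256 block, so the blocks that carry the payload repeat for equal input. Nothing authenticates the ciphertext either. I would drop the garbage scheme, switch to `MCRYPT_MODE_CBC` with `$iv` stored next to the ciphertext, and add a `hash_hmac()` tag over both (on current PHP, where mcrypt is gone, `openssl_encrypt()` with `aes-256-gcm`). If the switch stays, it needs a `default:` branch, because `$garbageString` is undefined when `randomNumber(0, 8)` returns anything outside 0–8. The method starts before this hunk, so `$iv_size` and the signature are not visible here.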
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
// Get key
- if ($this->getConfigInstance()->readConfig('crypt_fixed_salt') == "Y") {
+ if ($this->getConfigInstance()->readConfig('crypt_fixed_salt') === "Y") {
$key = md5($this->rngInstance->getFixedSalt());
} else {
$key = md5($this->rngInstance->getExtraSalt());
}
- // Encrypt the string
- $str = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $encrypted, MCRYPT_MODE_ECB, $iv);
+ // Decrypt the string
+ $garbageString = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $encrypted, MCRYPT_MODE_ECB, $iv);
+
+ // Get the real string out
+ $strArray = explode("|", $garbageString);
+
+ // Does the element count match?
+ assert(count($strArray) == 3);
+
+ // Decode the string
+ $str = base64_decode($strArray[1]);
// Trim trailing nulls away
$str = rtrim($str, "\0");
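Review bot: `assert(count($strArray) == 3);` is the only check on the decrypted data, and assertions can be switched off in production, after which a wrong key or a corrupted ciphertext reaches `$strArray[1]` as an undefined index. An explicit test such as `if (count($strArray) !== 3) { /* reject as malformed; the project's exception type is not visible here */ }` plus `base64_decode($strArray[1], true)` with a `false` check would fail closed. The `rtrim($str, "\0")` that follows is now applied to the decoded payload, although the null padding from the block cipher sits at the end of the third field; here it can only strip bytes that belonged to the original string. The method starts before this hunk and appears to continue past it.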