e107_plugins/alt_auth/extended_password_handler.php
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2013 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Extended password handler for alt_auth plugin
*
* $URL$
* $Id$
*/
/**
* e107 Alternate authorisation plugin
*
* @package e107_plugins
* @subpackage alt_auth
* @version $Id$;
*/
/**
EXTENDED PASSWORD HANDLER CLASS
- supports many password formats used on other systems
- implements checking of existing passwords only
To use:
Instantiate ExtendedPasswordHandler
call CheckPassword(plaintext_password,login_name, stored_value)
or, optionally:
call CheckPassword(plaintext_password,login_name, stored_value, password_type)
@todo:
1. Check that public/private declarations of functions are correct
*/
if (!defined('e107_INIT')) { exit; }
require_once(e_HANDLER.'user_handler.php');
// @todo make these class constants
/*define('PASSWORD_PHPBB_SALT',2);
define('PASSWORD_MAMBO_SALT',3);
define('PASSWORD_JOOMLA_SALT',4);
define('PASSWORD_GENERAL_MD5',5);
define('PASSWORD_PLAINTEXT',6);
define('PASSWORD_GENERAL_SHA1',7);
define('PASSWORD_WORDPRESS_SALT', 8);
define('PASSWORD_MAGENTO_SALT', 9);
define('PASSWORD_PHPFUSION_SHA256', 10);
// Supported formats:
define('PASSWORD_PHPBB_ID', '$H$'); // PHPBB salted
define('PASSWORD_ORIG_ID', '$P$'); // 'Original' code
define('PASSWORD_WORDPRESS_ID', '$P$'); // WordPress 2.8
*/
class ExtendedPasswordHandler extends UserHandler
{
private $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; // Holds a string of 64 characters for base64 conversion
var $random_state = ''; // A (hopefully) random number
const PASSWORD_E107_MD5 = 0;
const PASSWORD_E107_SALT = 1;
const PASSWORD_PHPBB_SALT = 2;
const PASSWORD_MAMBO_SALT = 3;
const PASSWORD_JOOMLA_SALT = 4;
const PASSWORD_GENERAL_MD5 = 5;
const PASSWORD_PLAINTEXT = 6;
const PASSWORD_GENERAL_SHA1 = 7;
const PASSWORD_WORDPRESS_SALT = 8;
const PASSWORD_MAGENTO_SALT = 9;
const PASSWORD_PHPFUSION_SALT = 10;
const PASSWORD_ABANTECART_SALT = 11;
const PASSWORD_PHPBB_ID = '$H$'; // PHPBB salted
const PASSWORD_ORIG_ID = '$P$'; // 'Original' code
const PASSWORD_WORDPRESS_ID = '$P$'; // WordPress 2.8
/**
* Constructor - just call parent
*/
function __construct()
{
// Ancestor constructor
parent::__construct();
}
/**
* Return a number of random bytes as specified by $count
*/
private function get_random_bytes($count)
{
$this->random_state = md5($this->random_state.microtime().random_int(0,10000)); // This will 'auto seed'
$output = '';
for ($i = 0; $i < $count; $i += 16)
{ // Only do this loop once unless we need more than 16 bytes
$this->random_state = md5(microtime() . $this->random_state);
$output .= pack('H*', md5($this->random_state)); // Becomes an array of 16 bytes
}
$output = substr($output, 0, $count);
return $output;
}
/**
* Encode to base64 (each block of three 8-bit chars becomes 4 printable chars)
* Use first $count characters of $input string
*/
private function encode64($input, $count)
{
return base64_encode(substr($input, 0, $count)); // @todo - check this works OK
/*
$output = '';
$i = 0;
do
{
$value = ord($input[$i++]);
$output .= $this->itoa64[$value & 0x3f];
if ($i < $count) $value |= ord($input[$i]) << 8;
$output .= $this->itoa64[($value >> 6) & 0x3f];
if ($i++ >= $count) break;
if ($i < $count) $value |= ord($input[$i]) << 16;
$output .= $this->itoa64[($value >> 12) & 0x3f];
if ($i++ >= $count) break;
$output .= $this->itoa64[($value >> 18) & 0x3f];
} while ($i < $count);
return $output;
*/
}
/**
* Method for PHPBB3-style salted passwords, which begin '$H$', and WordPress-style salted passwords, which begin '$P$'
* Given a plaintext password and the complete password/hash function (which includes any salt), calculate hash
* Returns FALSE on error
*/
private function crypt_private($password, $stored_password, $password_type = self::PASSWORD_PHPBB_SALT)
{
$output = '*0';
if (substr($stored_password, 0, 2) == $output)
{
$output = '*1';
}
$prefix = '';
switch ($password_type)
{
case self::PASSWORD_PHPBB_SALT :
$prefix = self::PASSWORD_PHPBB_ID;
break;
case self::PASSWORD_WORDPRESS_SALT :
$prefix = self::PASSWORD_WORDPRESS_ID;
break;
default :
$prefix = '';
}
if ($prefix != substr($stored_password, 0, 3))
{
return $output;
}
$count_log2 = strpos($this->itoa64, $stored_password[3]); // 4th character indicates hash depth count
if ($count_log2 < 7 || $count_log2 > 30)
{
return $output;
}
$count = 1 << $count_log2;
$salt = substr($stored_password, 4, 8); // Salt is characters 5..12
if (strlen($salt) != 8)
{
return $output;
}
# We're kind of forced to use MD5 here since it's the only
# cryptographic primitive available in all versions of PHP
# currently in use. To implement our own low-level crypto
# in PHP would result in much worse performance and
# consequently in lower iteration counts and hashes that are
# quicker to crack (by non-PHP code).
// Get raw binary output (always 16 bytes) - we assume PHP5 here
$hash = md5($salt.$password, TRUE);
do
{
$hash = md5($hash.$password, TRUE);
} while (--$count);
$output = substr($setting, 0, 12); // Identifier, shift count and salt - total 12 chars
$output .= $this->encode64($hash, 16); // Returns 22-character string
return $output;
}
/**
* Return array of supported password types - key is used internally, text is displayed
*/
public function getPasswordTypes($includeExtended = TRUE)
{
$vals = array( // Methods supported in core
'md5' => IMPORTDB_LAN_7,
'e107_salt' => IMPORTDB_LAN_8
);
if ($includeExtended)
{
$vals = array_merge($vals,array(
'plaintext' => IMPORTDB_LAN_2,
'joomla_salt' => IMPORTDB_LAN_3,
'mambo_salt' => IMPORTDB_LAN_4,
'smf_sha1' => IMPORTDB_LAN_5,
'sha1' => IMPORTDB_LAN_6,
'phpbb3_salt' => IMPORTDB_LAN_12,
'wordpress_salt' => IMPORTDB_LAN_13,
'magento_salt' => IMPORTDB_LAN_14,
'phpfusion_salt' => "PHPFusion",
'abantecart_salt' => "AbanteCart Salt",
));
}
return $vals;
}
/**
* Return password type which relates to a specific foreign system
*/
public function passwordMapping($ptype)
{
$maps = array(
'plaintext' => self::PASSWORD_PLAINTEXT,
'joomla_salt' => self::PASSWORD_JOOMLA_SALT,
'mambo_salt' => self::PASSWORD_MAMBO_SALT,
'smf_sha1' => self::PASSWORD_GENERAL_SHA1,
'sha1' => self::PASSWORD_GENERAL_SHA1,
'mambo' => self::PASSWORD_GENERAL_MD5,
'phpbb2' => self::PASSWORD_GENERAL_MD5,
'e107' => self::PASSWORD_GENERAL_MD5,
'md5' => self::PASSWORD_GENERAL_MD5,
'e107_salt' => self::PASSWORD_E107_SALT,
'phpbb2_salt' => self::PASSWORD_PHPBB_SALT,
'phpbb3_salt' => self::PASSWORD_PHPBB_SALT,
'wordpress_salt' => self::PASSWORD_WORDPRESS_SALT,
'magento_salt' => self::PASSWORD_MAGENTO_SALT,
'phpfusion_salt' => self::PASSWORD_PHPFUSION_SALT,
'abantecart_salt' => self::PASSWORD_ABANTECART_SALT,
);
if (isset($maps[$ptype])) return $maps[$ptype];
return FALSE;
}
/**
* Extension of password validation to handle more types
*
* @param string $password - plaintext password as entered by user
* @param string $login_name - string used to log in (could actually be email address)
* @param string $stored_hash - required value for password to match
* @param integer $password_type - constant specifying the type of password to check against
*
* @return string PASSWORD_INVALID|PASSWORD_VALID|string
* PASSWORD_INVALID if no match
* PASSWORD_VALID if valid password
* Return a new hash to store if valid password but non-preferred encoding
*/
public function CheckPassword($password, $login_name, $stored_hash, $password_type = PASSWORD_DEFAULT_TYPE)
{
switch ($password_type)
{
case self::PASSWORD_GENERAL_MD5 :
case self::PASSWORD_E107_MD5 :
$pwHash = md5($password);
break;
case self::PASSWORD_GENERAL_SHA1 :
if (strlen($stored_hash) != 40) return PASSWORD_INVALID;
$pwHash = sha1($password);
break;
case self::PASSWORD_JOOMLA_SALT :
case self::PASSWORD_MAMBO_SALT :
if ((strpos($stored_hash, ':') === false) || (strlen($stored_hash) < 40))
{
return PASSWORD_INVALID;
}
// Mambo/Joomla salted hash - should be 32-character md5 hash, ':', 16-character salt (but could be 8-char salt, maybe)
list($hash, $salt) = explode(':', $stored_hash);
$pwHash = md5($password.$salt);
$stored_hash = $hash;
break;
case self::PASSWORD_MAGENTO_SALT :
$hash = $salt = '';
if ((strpos($stored_hash, ':') !== false))
{
list($hash, $salt) = explode(':', $stored_hash);
}
// Magento salted hash - should be 32-character md5 hash, ':', 2-character salt, but could be also only md5 hash
else
{
$hash = $stored_hash;
}
// if(strlen($hash) !== 32)
// {
//return PASSWORD_INVALID;
// }
$pwHash = $salt ? md5($salt.$password) : md5($password);
$stored_hash = $hash;
break;
case self::PASSWORD_E107_SALT :
//return e107::getUserSession()->CheckPassword($password, $login_name, $stored_hash);
return parent::CheckPassword($password, $login_name, $stored_hash);
// break;
case self::PASSWORD_PHPBB_SALT :
case self::PASSWORD_WORDPRESS_SALT :
if (strlen($stored_hash) != 34) return PASSWORD_INVALID;
$pwHash = $this->crypt_private($password, $stored_hash, $password_type);
if ($pwHash[0] === '*')
{
return PASSWORD_INVALID;
}
$stored_hash = substr($stored_hash,12);
break;
case self::PASSWORD_PHPFUSION_SALT:
list($hash, $salt) = explode(':', $stored_hash);
if (strlen($hash) !== 32)
{
$pwHash = hash_hmac('sha256',$password, $salt);
}
else
{
e107::getMessage()->addDebug("PHPFusion Md5 Hash Detected ");
$pwHash = md5(md5($password));
}
$stored_hash = $hash;
break;
case self::PASSWORD_PLAINTEXT :
$pwHash = $password;
break;
case self::PASSWORD_ABANTECART_SALT :
$hash = $salt = '';
if ((strpos($stored_hash, ':') !== false))
{
list($hash, $salt) = explode(':', $stored_hash);
}
// Magento salted hash - should be 32-character md5 hash, ':', 2-character salt, but could be also only md5 hash
else
{
$hash = $stored_hash;
}
/*
password = SHA1(CONCAT(salt, SHA1(CONCAT(salt, SHA1('".$this->db->escape($password)."')))
*/
//$pwHash = $salt ? md5($salt.$pword) : md5($pword);
$pwHash = sha1($salt.sha1($salt.sha1($password)));
$stored_hash = $hash;
break;
default :
return PASSWORD_INVALID;
}
if(deftrue('ADMIN_AREA'))
{
e107::getMessage()->addDebug("Stored Hash: ".$stored_hash);
if(!empty($salt))
{
e107::getMessage()->addDebug("Stored Salt: ".$salt);
}
e107::getMessage()->addDebug("Generated Hash: ".$pwHash);
}
if ($stored_hash != $pwHash) return PASSWORD_INVALID;
return PASSWORD_VALID;
}
}