crypt() does not seem to like some special-characters in its salts, so we skip'em whenever we are generating a password as a salt-value, thx to Tobse101 for a nice debugging session ;)
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
@@ -17,39 +17,42 @@
|
||||
|
||||
/**
|
||||
* Generates a random password
|
||||
*
|
||||
* @param boolean $isSalt
|
||||
* optional, create a hash for a salt used in makeCryptPassword because crypt() does not like some special characters in its salts, default is false
|
||||
*/
|
||||
function generatePassword()
|
||||
function generatePassword($isSalt = false)
|
||||
{
|
||||
$alpha_lower = 'abcdefghijklmnopqrstuvwxyz';
|
||||
$alpha_upper = strtoupper($alpha_lower);
|
||||
$numeric = '0123456789';
|
||||
$special = Settings::Get('panel.password_special_char');
|
||||
$length = Settings::Get('panel.password_min_length') > 3 ? Settings::Get('panel.password_min_length') : 10;
|
||||
|
||||
|
||||
$pw = special_shuffle($alpha_lower);
|
||||
$n = floor(($length) / 4);
|
||||
|
||||
|
||||
if (Settings::Get('panel.password_alpha_upper')) {
|
||||
$pw .= mb_substr(special_shuffle($alpha_upper), 0, $n);
|
||||
}
|
||||
|
||||
|
||||
if (Settings::Get('panel.password_numeric')) {
|
||||
$pw .= mb_substr(special_shuffle($numeric), 0, $n);
|
||||
}
|
||||
|
||||
if (Settings::Get('panel.password_special_char_required')) {
|
||||
|
||||
if (Settings::Get('panel.password_special_char_required') && !$isSalt) {
|
||||
$pw .= mb_substr(special_shuffle($special), 0, $n);
|
||||
}
|
||||
|
||||
|
||||
$pw = mb_substr($pw, - $length);
|
||||
|
||||
|
||||
return special_shuffle($pw);
|
||||
}
|
||||
|
||||
/**
|
||||
* multibyte-character safe shuffle function
|
||||
*
|
||||
* @param string $str
|
||||
* @param string $str
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
|
||||
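Review bot: With `$isSalt` set, only the special-character branch is skipped, so the salt's length and alphabet still follow the password-policy settings (`panel.password_min_length`, `panel.password_alpha_upper`, `panel.password_numeric`) read earlier in generatePassword(). A salt has different requirements from a user-facing password, so a separate helper that returns a fixed number of characters from `./0-9A-Za-z` would keep hashing independent of policy changes. Each character class is also taken as a prefix of a shuffled alphabet, so no character repeats within a class, and whether `special_shuffle()` draws from a cryptographically secure source cannot be confirmed here because its body is outside the hunk. The docblock would also benefit from `@return string` and a line stating that salt output is limited to `[A-Za-z0-9]`.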
@@ -43,25 +43,25 @@ function makeCryptPassword ($password) {
|
||||
$cryptPassword = crypt($password);
|
||||
break;
|
||||
case 1:
|
||||
$cryptPassword = crypt($password, '$1$' . generatePassword(). generatePassword());
|
||||
$cryptPassword = crypt($password, '$1$' . generatePassword(true). generatePassword(true));
|
||||
break;
|
||||
case 2:
|
||||
if (version_compare(phpversion(), '5.3.7', '<')) {
|
||||
$cryptPassword = crypt($password, '$2a$' . generatePassword(). generatePassword());
|
||||
$cryptPassword = crypt($password, '$2a$' . generatePassword(true). generatePassword(true));
|
||||
} else {
|
||||
// Blowfish hashing with a salt as follows: "$2a$", "$2x$" or "$2y$",
|
||||
// a two digit cost parameter, "$", and 22 characters from the alphabet "./0-9A-Za-z"
|
||||
$cryptPassword = crypt(
|
||||
$password,
|
||||
'$2y$07$' . substr(generatePassword().generatePassword().generatePassword(), 0, 22)
|
||||
'$2y$07$' . substr(generatePassword(true).generatePassword(true).generatePassword(true), 0, 22)
|
||||
);
|
||||
}
|
||||
break;
|
||||
case 3:
|
||||
$cryptPassword = crypt($password, '$5$' . generatePassword(). generatePassword());
|
||||
$cryptPassword = crypt($password, '$5$' . generatePassword(true). generatePassword(true));
|
||||
break;
|
||||
case 4:
|
||||
$cryptPassword = crypt($password, '$6$' . generatePassword(). generatePassword());
|
||||
$cryptPassword = crypt($password, '$6$' . generatePassword(true). generatePassword(true));
|
||||
break;
|
||||
default:
|
||||
$cryptPassword = crypt($password);
|
||||
|
||||
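Review bot: The `$2y$07$` branch needs 22 salt characters, but three `generatePassword(true)` calls only reach that when each returns at least 8, and that function's length follows `panel.password_min_length` (any value above 3 is used as-is, per the other file in this commit). With a configured minimum of 4 to 7 the salt is too short and crypt() would presumably fail, returning a string shorter than 13 characters that the visible lines assign without checking. I would check the result after the switch, e.g. `if (!is_string($cryptPassword) || strlen($cryptPassword) < 13) { /* fail closed, do not store */ }`, and generate the salt at a fixed length independent of the password policy. The `$2a$` branch for PHP below 5.3.7 also passes no two-digit cost, which the comment in the `else` branch describes as part of the salt format. makeCryptPassword() starts before this hunk and continues after it.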