New user module with password support. This supports the same password mechanism as g1 and g2 to facilitate a migration.

4 files changed, 353 insertions, 1 deletions

diff --git a/modules/user/helpers/user_installer.php b/modules/user/helpers/user_installer.php
index bb6f1ceb..e0f7312e 100644
--- a/modules/user/helpers/user_installer.php
+++ b/modules/user/helpers/user_installer.php
@@ -69,7 +69,7 @@ class user_installer {
       $user->name = "admin";
       $user->display_name = "Gallery Administrator";
       // @todo create a helper function to encrypt the password.
-      $user->password = "admin";
+      $user->password = user_password::hash_password("admin");
       $user->save();
       $id = $user->id;
       $db->query("UPDATE `items` SET `owner_id` = $id WHERE `owner_id` IS NULL");
diff --git a/modules/user/helpers/user_password.php b/modules/user/helpers/user_password.php
new file mode 100644
index 00000000..45de5bef
--- /dev/null
+++ b/modules/user/helpers/user_password.php
@@ -0,0 +1,83 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2008 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class user_password {
+
+  /**
+   * Is the password provided correct?
+   *
+   * @param user User Model
+   * @param string $password a plaintext password
+   * @return boolean true if the password is correct
+   */
+  public static function is_correct_password($user, $password) {
+    $valid = $user->password;
+
+    $salt = substr($valid, 0, 4);
+    /* Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes: */
+    $guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password));
+    if (!strcmp($guess, $valid)) {
+      return true;
+    }
+
+    /* Passwords with <&"> created by G2 prior to 2.1 were hashed with entities */
+    $sanitizedPassword = html::specialchars($password, false);
+    $guess = (strlen($valid) == 32) ? md5($sanitizedPassword)
+          : ($salt . md5($salt . $sanitizedPassword));
+    if (!strcmp($guess, $valid)) {
+      return true;
+    }
+
+    /* Also support hashes generated by phpass for interoperability with other applications */
+    if (strlen($valid) == 34) {
+      $hashGenerator = new PasswordHash(10, true);
+      return $hashGenerator->CheckPassword($password, $valid);
+    }
+
+    return false;
+  }
+
+  /**
+   * Create the hashed passwords.
+   * @param string $password a plaintext password
+   * @return string hashed password
+   */
+  public static function hash_password($password) {
+    return user_password::_md5Salt($password);
+  }
+
+  /**
+   * Create a hashed password using md5 plus salt.
+   * @param string $password plaintext password
+   * @param string $salt (optional) salt or hash containing salt (randomly generated if omitted)
+   * @return string hashed password
+   */
+  private static function _md5Salt($password, $salt='') {
+    if (empty($salt)) {
+      for ($i = 0; $i < 4; $i++) {
+        $char = mt_rand(48, 109);
+        $char += ($char > 90) ? 13 : ($char > 57) ? 7 : 0;
+        $salt .= chr($char);
+      }
+    } else {
+      $salt = substr($salt, 0, 4);
+    }
+    return $salt . md5($salt . $password);
+  }
+}
diff --git a/modules/user/libraries/PasswordHash.php b/modules/user/libraries/PasswordHash.php
new file mode 100644
index 00000000..a4060c64
--- /dev/null
+++ b/modules/user/libraries/PasswordHash.php
@@ -0,0 +1,268 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2008 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+/*
+ * The license above is only to allow this file to pass the Gallery preamble verification unit test.
+ * The following license is the valid license.  The tab characters were also replaced by 2 spaces.
+ * and the trailing '?>' was removed.
+ */
+# Portable PHP password hashing framework.
+#
+# Version 0.1 / genuine.
+#
+# Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in
+# the public domain.
+#
+# There's absolutely no warranty.
+#
+# The homepage URL for this framework is:
+#
+#  http://www.openwall.com/phpass/
+#
+# Please be sure to update the Version line if you edit this file in any way.
+# It is suggested that you leave the main version number intact, but indicate
+# your project name (after the slash) and add your own revision information.
+#
+# Please do not change the "private" password hashing method implemented in
+# here, thereby making your hashes incompatible.  However, if you must, please
+# change the hash type identifier (the "$P$") to something different.
+#
+# Obviously, since this code is in the public domain, the above are not
+# requirements (there can be none), but merely suggestions.
+#
+class PasswordHash {
+  var $itoa64;
+  var $iteration_count_log2;
+  var $portable_hashes;
+  var $random_state;
+
+  function PasswordHash($iteration_count_log2, $portable_hashes)
+  {
+    $this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
+
+    if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31)
+      $iteration_count_log2 = 8;
+    $this->iteration_count_log2 = $iteration_count_log2;
+
+    $this->portable_hashes = $portable_hashes;
+
+    $this->random_state = microtime() . getmypid();
+  }
+
+  function get_random_bytes($count)
+  {
+    $output = '';
+    if (($fh = @fopen('/dev/urandom', 'rb'))) {
+      $output = fread($fh, $count);
+      fclose($fh);
+    }
+
+    if (strlen($output) < $count) {
+      $output = '';
+      for ($i = 0; $i < $count; $i += 16) {
+        $this->random_state =
+            md5(microtime() . $this->random_state);
+        $output .=
+            pack('H*', md5($this->random_state));
+      }
+      $output = substr($output, 0, $count);
+    }
+
+    return $output;
+  }
+
+  function encode64($input, $count)
+  {
+    $output = '';
+    $i = 0;
+    do {
+      $value = ord($input[$i++]);
+      $output .= $this->itoa64[$value & 0x3f];
+      if ($i < $count)
+        $value |= ord($input[$i]) << 8;
+      $output .= $this->itoa64[($value >> 6) & 0x3f];
+      if ($i++ >= $count)
+        break;
+      if ($i < $count)
+        $value |= ord($input[$i]) << 16;
+      $output .= $this->itoa64[($value >> 12) & 0x3f];
+      if ($i++ >= $count)
+        break;
+      $output .= $this->itoa64[($value >> 18) & 0x3f];
+    } while ($i < $count);
+
+    return $output;
+  }
+
+  function gensalt_private($input)
+  {
+    $output = '$P$';
+    $output .= $this->itoa64[min($this->iteration_count_log2 +
+      ((PHP_VERSION >= '5') ? 5 : 3), 30)];
+    $output .= $this->encode64($input, 6);
+
+    return $output;
+  }
+
+  function crypt_private($password, $setting)
+  {
+    $output = '*0';
+    if (substr($setting, 0, 2) == $output)
+      $output = '*1';
+
+    if (substr($setting, 0, 3) != '$P$')
+      return $output;
+
+    $count_log2 = strpos($this->itoa64, $setting[3]);
+    if ($count_log2 < 7 || $count_log2 > 30)
+      return $output;
+
+    $count = 1 << $count_log2;
+
+    $salt = substr($setting, 4, 8);
+    if (strlen($salt) != 8)
+      return $output;
+
+    # We're kind of forced to use MD5 here since it's the only
+    # cryptographic primitive available in all versions of PHP
+    # currently in use.  To implement our own low-level crypto
+    # in PHP would result in much worse performance and
+    # consequently in lower iteration counts and hashes that are
+    # quicker to crack (by non-PHP code).
+    if (PHP_VERSION >= '5') {
+      $hash = md5($salt . $password, TRUE);
+      do {
+        $hash = md5($hash . $password, TRUE);
+      } while (--$count);
+    } else {
+      $hash = pack('H*', md5($salt . $password));
+      do {
+        $hash = pack('H*', md5($hash . $password));
+      } while (--$count);
+    }
+
+    $output = substr($setting, 0, 12);
+    $output .= $this->encode64($hash, 16);
+
+    return $output;
+  }
+
+  function gensalt_extended($input)
+  {
+    $count_log2 = min($this->iteration_count_log2 + 8, 24);
+    # This should be odd to not reveal weak DES keys, and the
+    # maximum valid value is (2**24 - 1) which is odd anyway.
+    $count = (1 << $count_log2) - 1;
+
+    $output = '_';
+    $output .= $this->itoa64[$count & 0x3f];
+    $output .= $this->itoa64[($count >> 6) & 0x3f];
+    $output .= $this->itoa64[($count >> 12) & 0x3f];
+    $output .= $this->itoa64[($count >> 18) & 0x3f];
+
+    $output .= $this->encode64($input, 3);
+
+    return $output;
+  }
+
+  function gensalt_blowfish($input)
+  {
+    # This one needs to use a different order of characters and a
+    # different encoding scheme from the one in encode64() above.
+    # We care because the last character in our encoded string will
+    # only represent 2 bits.  While two known implementations of
+    # bcrypt will happily accept and correct a salt string which
+    # has the 4 unused bits set to non-zero, we do not want to take
+    # chances and we also do not want to waste an additional byte
+    # of entropy.
+    $itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+
+    $output = '$2a$';
+    $output .= chr(ord('0') + $this->iteration_count_log2 / 10);
+    $output .= chr(ord('0') + $this->iteration_count_log2 % 10);
+    $output .= '$';
+
+    $i = 0;
+    do {
+      $c1 = ord($input[$i++]);
+      $output .= $itoa64[$c1 >> 2];
+      $c1 = ($c1 & 0x03) << 4;
+      if ($i >= 16) {
+        $output .= $itoa64[$c1];
+        break;
+      }
+
+      $c2 = ord($input[$i++]);
+      $c1 |= $c2 >> 4;
+      $output .= $itoa64[$c1];
+      $c1 = ($c2 & 0x0f) << 2;
+
+      $c2 = ord($input[$i++]);
+      $c1 |= $c2 >> 6;
+      $output .= $itoa64[$c1];
+      $output .= $itoa64[$c2 & 0x3f];
+    } while (1);
+
+    return $output;
+  }
+
+  function HashPassword($password)
+  {
+    $random = '';
+
+    if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) {
+      $random = $this->get_random_bytes(16);
+      $hash =
+          crypt($password, $this->gensalt_blowfish($random));
+      if (strlen($hash) == 60)
+        return $hash;
+    }
+
+    if (CRYPT_EXT_DES == 1 && !$this->portable_hashes) {
+      if (strlen($random) < 3)
+        $random = $this->get_random_bytes(3);
+      $hash =
+          crypt($password, $this->gensalt_extended($random));
+      if (strlen($hash) == 20)
+        return $hash;
+    }
+
+    if (strlen($random) < 6)
+      $random = $this->get_random_bytes(6);
+    $hash =
+        $this->crypt_private($password,
+        $this->gensalt_private($random));
+    if (strlen($hash) == 34)
+      return $hash;
+
+    # Returning '*' on error is safe here, but would _not_ be safe
+    # in a crypt(3)-like function used _both_ for generating new
+    # hashes and for validating passwords against existing hashes.
+    return '*';
+  }
+
+  function CheckPassword($password, $stored_hash)
+  {
+    $hash = $this->crypt_private($password, $stored_hash);
+    if ($hash[0] == '*')
+      $hash = crypt($password, $stored_hash);
+
+    return $hash == $stored_hash;
+  }
+}
diff --git a/modules/user/tests/User_Installer_Test.php b/modules/user/tests/User_Installer_Test.php
index 84699c74..4ececd98 100644
--- a/modules/user/tests/User_Installer_Test.php
+++ b/modules/user/tests/User_Installer_Test.php
@@ -27,6 +27,7 @@ class User_Installer_Test extends Unit_Test_Case {
     $user = ORM::factory("user", 1);
     $this->assert_equal("Gallery Administrator", $user->display_name);
     $this->assert_equal("admin", $user->name);
+    $this->assert_true(user_password::is_correct_password($user, "admin"));
 
     $this->assert_equal(
       array("administrator", "registered"),