diff options
Diffstat (limited to 'modules/user/helpers/user_password.php')
| -rw-r--r-- | modules/user/helpers/user_password.php | 83 |
1 files changed, 0 insertions, 83 deletions
diff --git a/modules/user/helpers/user_password.php b/modules/user/helpers/user_password.php deleted file mode 100644 index 45de5bef..00000000 --- a/modules/user/helpers/user_password.php +++ /dev/null @@ -1,83 +0,0 @@ -<?php defined("SYSPATH") or die("No direct script access."); -/** - * Gallery - a web based photo album viewer and editor - * Copyright (C) 2000-2008 Bharat Mediratta - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. - */ -class user_password { - - /** - * Is the password provided correct? - * - * @param user User Model - * @param string $password a plaintext password - * @return boolean true if the password is correct - */ - public static function is_correct_password($user, $password) { - $valid = $user->password; - - $salt = substr($valid, 0, 4); - /* Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes: */ - $guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password)); - if (!strcmp($guess, $valid)) { - return true; - } - - /* Passwords with <&"> created by G2 prior to 2.1 were hashed with entities */ - $sanitizedPassword = html::specialchars($password, false); - $guess = (strlen($valid) == 32) ? md5($sanitizedPassword) - : ($salt . md5($salt . $sanitizedPassword)); - if (!strcmp($guess, $valid)) { - return true; - } - - /* Also support hashes generated by phpass for interoperability with other applications */ - if (strlen($valid) == 34) { - $hashGenerator = new PasswordHash(10, true); - return $hashGenerator->CheckPassword($password, $valid); - } - - return false; - } - - /** - * Create the hashed passwords. - * @param string $password a plaintext password - * @return string hashed password - */ - public static function hash_password($password) { - return user_password::_md5Salt($password); - } - - /** - * Create a hashed password using md5 plus salt. - * @param string $password plaintext password - * @param string $salt (optional) salt or hash containing salt (randomly generated if omitted) - * @return string hashed password - */ - private static function _md5Salt($password, $salt='') { - if (empty($salt)) { - for ($i = 0; $i < 4; $i++) { - $char = mt_rand(48, 109); - $char += ($char > 90) ? 13 : ($char > 57) ? 7 : 0; - $salt .= chr($char); - } - } else { - $salt = substr($salt, 0, 4); - } - return $salt . md5($salt . $password); - } -} |