From 2019e9a931ffde9b2358241aa1844b4a826a76f9 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Wed, 12 Nov 2008 15:53:39 +0000
Subject: Remove user_password class and move the functionality into the user
 helper class

---
 modules/user/helpers/user_password.php | 83 ----------------------------------
 1 file changed, 83 deletions(-)
 delete mode 100644 modules/user/helpers/user_password.php

(limited to 'modules/user/helpers/user_password.php')

diff --git a/modules/user/helpers/user_password.php b/modules/user/helpers/user_password.php
deleted file mode 100644
index 45de5bef..00000000
--- a/modules/user/helpers/user_password.php
+++ /dev/null
@@ -1,83 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2008 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class user_password {
-
-  /**
-   * Is the password provided correct?
-   *
-   * @param user User Model
-   * @param string $password a plaintext password
-   * @return boolean true if the password is correct
-   */
-  public static function is_correct_password($user, $password) {
-    $valid = $user->password;
-
-    $salt = substr($valid, 0, 4);
-    /* Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes: */
-    $guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password));
-    if (!strcmp($guess, $valid)) {
-      return true;
-    }
-
-    /* Passwords with <&"> created by G2 prior to 2.1 were hashed with entities */
-    $sanitizedPassword = html::specialchars($password, false);
-    $guess = (strlen($valid) == 32) ? md5($sanitizedPassword)
-          : ($salt . md5($salt . $sanitizedPassword));
-    if (!strcmp($guess, $valid)) {
-      return true;
-    }
-
-    /* Also support hashes generated by phpass for interoperability with other applications */
-    if (strlen($valid) == 34) {
-      $hashGenerator = new PasswordHash(10, true);
-      return $hashGenerator->CheckPassword($password, $valid);
-    }
-
-    return false;
-  }
-
-  /**
-   * Create the hashed passwords.
-   * @param string $password a plaintext password
-   * @return string hashed password
-   */
-  public static function hash_password($password) {
-    return user_password::_md5Salt($password);
-  }
-
-  /**
-   * Create a hashed password using md5 plus salt.
-   * @param string $password plaintext password
-   * @param string $salt (optional) salt or hash containing salt (randomly generated if omitted)
-   * @return string hashed password
-   */
-  private static function _md5Salt($password, $salt='') {
-    if (empty($salt)) {
-      for ($i = 0; $i < 4; $i++) {
-        $char = mt_rand(48, 109);
-        $char += ($char > 90) ? 13 : ($char > 57) ? 7 : 0;
-        $salt .= chr($char);
-      }
-    } else {
-      $salt = substr($salt, 0, 4);
-    }
-    return $salt . md5($salt . $password);
-  }
-}
-- 
cgit v1.2.3