[Web] Add SSHA
This commit is contained in:
parent
3234550a5b
commit
02b10b0ed4
@ -89,6 +89,10 @@ function hash_password($password) {
|
|||||||
global $default_pass_scheme;
|
global $default_pass_scheme;
|
||||||
$pw_hash = NULL;
|
$pw_hash = NULL;
|
||||||
switch (strtoupper($default_pass_scheme)) {
|
switch (strtoupper($default_pass_scheme)) {
|
||||||
|
case "SSHA":
|
||||||
|
$salt_str = bin2hex(openssl_random_pseudo_bytes(8));
|
||||||
|
$pw_hash = "{SSHA}".base64_encode(hash('sha1', $password . $salt_str, true) . $salt_str);
|
||||||
|
break;
|
||||||
case "SSHA256":
|
case "SSHA256":
|
||||||
$salt_str = bin2hex(openssl_random_pseudo_bytes(8));
|
$salt_str = bin2hex(openssl_random_pseudo_bytes(8));
|
||||||
$pw_hash = "{SSHA256}".base64_encode(hash('sha256', $password . $salt_str, true) . $salt_str);
|
$pw_hash = "{SSHA256}".base64_encode(hash('sha256', $password . $salt_str, true) . $salt_str);
|
||||||
@ -494,6 +498,20 @@ function verify_hash($hash, $password) {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
elseif (preg_match('/^{SSHA}/i', $hash)) {
|
||||||
|
// Remove tag if any
|
||||||
|
$hash = preg_replace('/^{SSHA}/i', '', $hash);
|
||||||
|
// Decode hash
|
||||||
|
$dhash = base64_decode($hash);
|
||||||
|
// Get first 20 bytes of binary which equals a SSHA hash
|
||||||
|
$ohash = substr($dhash, 0, 20);
|
||||||
|
// Remove SSHA hash from decoded hash to get original salt string
|
||||||
|
$osalt = str_replace($ohash, '', $dhash);
|
||||||
|
// Check single salted SSHA hash against extracted hash
|
||||||
|
if (hash_equals(hash('sha1', $password . $osalt, true), $ohash)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
elseif (preg_match('/^{PLAIN-MD5}/i', $hash)) {
|
elseif (preg_match('/^{PLAIN-MD5}/i', $hash)) {
|
||||||
$hash = preg_replace('/^{PLAIN-MD5}/i', '', $hash);
|
$hash = preg_replace('/^{PLAIN-MD5}/i', '', $hash);
|
||||||
if (md5($password) == $hash) {
|
if (md5($password) == $hash) {
|
||||||
|
Loading…
Reference in New Issue
Block a user