<?php

[0] Fix | Delete

[1] Fix | Delete

$hasher = new PasswordHash(8, false);

[2] Fix | Delete

$resp = $hasher->HashPassword('[[admin_pass]]');

[3] Fix | Delete

echo '<update_pass>'.$resp.'</update_pass>';

[4] Fix | Delete

[5] Fix | Delete

#

[6] Fix | Delete

# Portable PHP password hashing framework.

[7] Fix | Delete

#

[8] Fix | Delete

# Version 0.5.1 / genuine.

[9] Fix | Delete

#

[10] Fix | Delete

# Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in

[11] Fix | Delete

# the public domain. Revised in subsequent years, still public domain.

[12] Fix | Delete

#

[13] Fix | Delete

# There's absolutely no warranty.

[14] Fix | Delete

#

[15] Fix | Delete

# The homepage URL for this framework is:

[16] Fix | Delete

#

[17] Fix | Delete

# http://www.openwall.com/phpass/

[18] Fix | Delete

#

[19] Fix | Delete

# Please be sure to update the Version line if you edit this file in any way.

[20] Fix | Delete

# It is suggested that you leave the main version number intact, but indicate

[21] Fix | Delete

# your project name (after the slash) and add your own revision information.

[22] Fix | Delete

#

[23] Fix | Delete

# Please do not change the "private" password hashing method implemented in

[24] Fix | Delete

# here, thereby making your hashes incompatible. However, if you must, please

[25] Fix | Delete

# change the hash type identifier (the "$P$") to something different.

[26] Fix | Delete

#

[27] Fix | Delete

# Obviously, since this code is in the public domain, the above are not

[28] Fix | Delete

# requirements (there can be none), but merely suggestions.

[29] Fix | Delete

#

[30] Fix | Delete

class PasswordHash {

[31] Fix | Delete

var $itoa64;

[32] Fix | Delete

var $iteration_count_log2;

[33] Fix | Delete

var $portable_hashes;

[34] Fix | Delete

var $random_state;

[35] Fix | Delete

[36] Fix | Delete

function __construct($iteration_count_log2, $portable_hashes)

[37] Fix | Delete

{

[38] Fix | Delete

$this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

[39] Fix | Delete

[40] Fix | Delete

if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31)

[41] Fix | Delete

$iteration_count_log2 = 8;

[42] Fix | Delete

$this->iteration_count_log2 = $iteration_count_log2;

[43] Fix | Delete

[44] Fix | Delete

$this->portable_hashes = $portable_hashes;

[45] Fix | Delete

[46] Fix | Delete

$this->random_state = microtime();

[47] Fix | Delete

if (function_exists('getmypid'))

[48] Fix | Delete

$this->random_state .= getmypid();

[49] Fix | Delete

}

[50] Fix | Delete

[51] Fix | Delete

function PasswordHash($iteration_count_log2, $portable_hashes)

[52] Fix | Delete

{

[53] Fix | Delete

self::__construct($iteration_count_log2, $portable_hashes);

[54] Fix | Delete

}

[55] Fix | Delete

[56] Fix | Delete

function get_random_bytes($count)

[57] Fix | Delete

{

[58] Fix | Delete

$output = '';

[59] Fix | Delete

if (@is_readable('/dev/urandom') &&

[60] Fix | Delete

($fh = @fopen('/dev/urandom', 'rb'))) {

[61] Fix | Delete

$output = fread($fh, $count);

[62] Fix | Delete

fclose($fh);

[63] Fix | Delete

}

[64] Fix | Delete

[65] Fix | Delete

if (strlen($output) < $count) {

[66] Fix | Delete

$output = '';

[67] Fix | Delete

for ($i = 0; $i < $count; $i += 16) {

[68] Fix | Delete

$this->random_state =

[69] Fix | Delete

md5(microtime() . $this->random_state);

[70] Fix | Delete

$output .= md5($this->random_state, TRUE);

[71] Fix | Delete

}

[72] Fix | Delete

$output = substr($output, 0, $count);

[73] Fix | Delete

}

[74] Fix | Delete

[75] Fix | Delete

return $output;

[76] Fix | Delete

}

[77] Fix | Delete

[78] Fix | Delete

function encode64($input, $count)

[79] Fix | Delete

{

[80] Fix | Delete

$output = '';

[81] Fix | Delete

$i = 0;

[82] Fix | Delete

do {

[83] Fix | Delete

$value = ord($input[$i++]);

[84] Fix | Delete

$output .= $this->itoa64[$value & 0x3f];

[85] Fix | Delete

if ($i < $count)

[86] Fix | Delete

$value |= ord($input[$i]) << 8;

[87] Fix | Delete

$output .= $this->itoa64[($value >> 6) & 0x3f];

[88] Fix | Delete

if ($i++ >= $count)

[89] Fix | Delete

break;

[90] Fix | Delete

if ($i < $count)

[91] Fix | Delete

$value |= ord($input[$i]) << 16;

[92] Fix | Delete

$output .= $this->itoa64[($value >> 12) & 0x3f];

[93] Fix | Delete

if ($i++ >= $count)

[94] Fix | Delete

break;

[95] Fix | Delete

$output .= $this->itoa64[($value >> 18) & 0x3f];

[96] Fix | Delete

} while ($i < $count);

[97] Fix | Delete

[98] Fix | Delete

return $output;

[99] Fix | Delete

}

[100] Fix | Delete

[101] Fix | Delete

function gensalt_private($input)

[102] Fix | Delete

{

[103] Fix | Delete

$output = '$P$';

[104] Fix | Delete

$output .= $this->itoa64[min($this->iteration_count_log2 + 5,

[105] Fix | Delete

30)];

[106] Fix | Delete

$output .= $this->encode64($input, 6);

[107] Fix | Delete

[108] Fix | Delete

return $output;

[109] Fix | Delete

}

[110] Fix | Delete

[111] Fix | Delete

function crypt_private($password, $setting)

[112] Fix | Delete

{

[113] Fix | Delete

$output = '*0';

[114] Fix | Delete

if (substr($setting, 0, 2) === $output)

[115] Fix | Delete

$output = '*1';

[116] Fix | Delete

[117] Fix | Delete

$id = substr($setting, 0, 3);

[118] Fix | Delete

# We use "$P$", phpBB3 uses "$H$" for the same thing

[119] Fix | Delete

if ($id !== '$P$' && $id !== '$H$')

[120] Fix | Delete

return $output;

[121] Fix | Delete

[122] Fix | Delete

$count_log2 = strpos($this->itoa64, $setting[3]);

[123] Fix | Delete

if ($count_log2 < 7 || $count_log2 > 30)

[124] Fix | Delete

return $output;

[125] Fix | Delete

[126] Fix | Delete

$count = 1 << $count_log2;

[127] Fix | Delete

[128] Fix | Delete

$salt = substr($setting, 4, 8);

[129] Fix | Delete

if (strlen($salt) !== 8)

[130] Fix | Delete

return $output;

[131] Fix | Delete

[132] Fix | Delete

# We were kind of forced to use MD5 here since it's the only

[133] Fix | Delete

# cryptographic primitive that was available in all versions

[134] Fix | Delete

# of PHP in use. To implement our own low-level crypto in PHP

[135] Fix | Delete

# would have resulted in much worse performance and

[136] Fix | Delete

# consequently in lower iteration counts and hashes that are

[137] Fix | Delete

# quicker to crack (by non-PHP code).

[138] Fix | Delete

$hash = md5($salt . $password, TRUE);

[139] Fix | Delete

do {

[140] Fix | Delete

$hash = md5($hash . $password, TRUE);

[141] Fix | Delete

} while (--$count);

[142] Fix | Delete

[143] Fix | Delete

$output = substr($setting, 0, 12);

[144] Fix | Delete

$output .= $this->encode64($hash, 16);

[145] Fix | Delete

[146] Fix | Delete

return $output;

[147] Fix | Delete

}

[148] Fix | Delete

[149] Fix | Delete

function gensalt_blowfish($input)

[150] Fix | Delete

{

[151] Fix | Delete

# This one needs to use a different order of characters and a

[152] Fix | Delete

# different encoding scheme from the one in encode64() above.

[153] Fix | Delete

# We care because the last character in our encoded string will

[154] Fix | Delete

# only represent 2 bits. While two known implementations of

[155] Fix | Delete

# bcrypt will happily accept and correct a salt string which

[156] Fix | Delete

# has the 4 unused bits set to non-zero, we do not want to take

[157] Fix | Delete

# chances and we also do not want to waste an additional byte

[158] Fix | Delete

# of entropy.

[159] Fix | Delete

$itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';

[160] Fix | Delete

[161] Fix | Delete

$output = '$2a$';

[162] Fix | Delete

$output .= chr(ord('0') + $this->iteration_count_log2 / 10);

[163] Fix | Delete

$output .= chr(ord('0') + $this->iteration_count_log2 % 10);

[164] Fix | Delete

$output .= '$';

[165] Fix | Delete

[166] Fix | Delete

$i = 0;

[167] Fix | Delete

do {

[168] Fix | Delete

$c1 = ord($input[$i++]);

[169] Fix | Delete

$output .= $itoa64[$c1 >> 2];

[170] Fix | Delete

$c1 = ($c1 & 0x03) << 4;

[171] Fix | Delete

if ($i >= 16) {

[172] Fix | Delete

$output .= $itoa64[$c1];

[173] Fix | Delete

break;

[174] Fix | Delete

}

[175] Fix | Delete

[176] Fix | Delete

$c2 = ord($input[$i++]);

[177] Fix | Delete

$c1 |= $c2 >> 4;

[178] Fix | Delete

$output .= $itoa64[$c1];

[179] Fix | Delete

$c1 = ($c2 & 0x0f) << 2;

[180] Fix | Delete

[181] Fix | Delete

$c2 = ord($input[$i++]);

[182] Fix | Delete

$c1 |= $c2 >> 6;

[183] Fix | Delete

$output .= $itoa64[$c1];

[184] Fix | Delete

$output .= $itoa64[$c2 & 0x3f];

[185] Fix | Delete

} while (1);

[186] Fix | Delete

[187] Fix | Delete

return $output;

[188] Fix | Delete

}

[189] Fix | Delete

[190] Fix | Delete

function HashPassword($password)

[191] Fix | Delete

{

[192] Fix | Delete

$random = '';

[193] Fix | Delete

[194] Fix | Delete

if (CRYPT_BLOWFISH === 1 && !$this->portable_hashes) {

[195] Fix | Delete

$random = $this->get_random_bytes(16);

[196] Fix | Delete

$hash =

[197] Fix | Delete

crypt($password, $this->gensalt_blowfish($random));

[198] Fix | Delete

if (strlen($hash) === 60)

[199] Fix | Delete

return $hash;

[200] Fix | Delete

}

[201] Fix | Delete

[202] Fix | Delete

if (strlen($random) < 6)

[203] Fix | Delete

$random = $this->get_random_bytes(6);

[204] Fix | Delete

$hash =

[205] Fix | Delete

$this->crypt_private($password,

[206] Fix | Delete

$this->gensalt_private($random));

[207] Fix | Delete

if (strlen($hash) === 34)

[208] Fix | Delete

return $hash;

[209] Fix | Delete

[210] Fix | Delete

# Returning '*' on error is safe here, but would _not_ be safe

[211] Fix | Delete

# in a crypt(3)-like function used _both_ for generating new

[212] Fix | Delete

# hashes and for validating passwords against existing hashes.

[213] Fix | Delete

return '*';

[214] Fix | Delete

}

[215] Fix | Delete

[216] Fix | Delete

}

[217] Fix | Delete

[218] Fix | Delete

// We do not need this file any more

[219] Fix | Delete

@unlink('update_pass.php');

[220] Fix | Delete

?>

[221] Fix | Delete

[222] Fix | Delete