szurubooru/src/Services/PasswordService.php

<?php
namespace Szurubooru\Services;

class PasswordService
{
	private $config;
	private $alphabet;
	private $pattern;

	public function __construct(\Szurubooru\Config $config)
	{
		$this->config = $config;
		$this->alphabet =
		[
			'c' => str_split('bcdfghjklmnpqrstvwxyz'),
			'v' => str_split('aeiou'),
			'n' => str_split('0123456789'),
		];
		$this->pattern = str_split('cvcvnncvcv');
	}

	public function getLegacyHash($password, $salt)
	{
		//hash used by old szurubooru version
		return sha1('1A2/$_4xVa' . $salt . $password);
	}

	public function getHash($password, $salt)
	{
		return hash('sha256', $this->config->security->secret . $salt . $password);
	}

	public function isHashValid($password, $salt, $expectedPasswordHash)
	{
		$hashes =
		[
			$this->getLegacyHash($password, $salt),
			$this->getHash($password, $salt),
		];
		return in_array($expectedPasswordHash, $hashes);
	}

	public function getRandomPassword()
	{
		$password = '';
		foreach ($this->pattern as $token)
		{
			$subAlphabet = $this->alphabet[$token];
			$character = $subAlphabet[mt_rand(0, count($subAlphabet) - 1)];
			$password .= $character;
		}
		return $password;
	}
}
Added proof of concept for authorization system 2014-08-30 18:11:32 +02:00			`<?php`
			`namespace Szurubooru\Services;`

			`class PasswordService`
			`{`
			`private $config;`
Added e-mail confirmation and password reset 2014-09-08 13:06:32 +02:00			`private $alphabet;`
			`private $pattern;`
Added proof of concept for authorization system 2014-08-30 18:11:32 +02:00
			`public function __construct(\Szurubooru\Config $config)`
			`{`
			`$this->config = $config;`
Added e-mail confirmation and password reset 2014-09-08 13:06:32 +02:00			`$this->alphabet =`
			`[`
			`'c' => str_split('bcdfghjklmnpqrstvwxyz'),`
			`'v' => str_split('aeiou'),`
			`'n' => str_split('0123456789'),`
			`];`
			`$this->pattern = str_split('cvcvnncvcv');`
Added proof of concept for authorization system 2014-08-30 18:11:32 +02:00			`}`

Added support for legacy passwords 2014-10-05 22:26:56 +02:00			`public function getLegacyHash($password, $salt)`
Added proof of concept for authorization system 2014-08-30 18:11:32 +02:00			`{`
Added support for legacy passwords 2014-10-05 22:26:56 +02:00			`//hash used by old szurubooru version`
			`return sha1('1A2/$_4xVa' . $salt . $password);`
			`}`

			`public function getHash($password, $salt)`
			`{`
			`return hash('sha256', $this->config->security->secret . $salt . $password);`
			`}`

			`public function isHashValid($password, $salt, $expectedPasswordHash)`
			`{`
			`$hashes =`
			`[`
			`$this->getLegacyHash($password, $salt),`
			`$this->getHash($password, $salt),`
			`];`
			`return in_array($expectedPasswordHash, $hashes);`
Added proof of concept for authorization system 2014-08-30 18:11:32 +02:00			`}`
Added e-mail confirmation and password reset 2014-09-08 13:06:32 +02:00
			`public function getRandomPassword()`
			`{`
			`$password = '';`
			`foreach ($this->pattern as $token)`
			`{`
			`$subAlphabet = $this->alphabet[$token];`
			`$character = $subAlphabet[mt_rand(0, count($subAlphabet) - 1)];`
			`$password .= $character;`
			`}`
			`return $password;`
			`}`
Added proof of concept for authorization system 2014-08-30 18:11:32 +02:00			`}`