[ Index ] |
PHP Cross Reference of Joomla 4.2.2 documentation |
[Summary view] [Print] [Text view]
1 <?php 2 3 /** 4 * Joomla! Content Management System 5 * 6 * @copyright (C) 2017 Open Source Matters, Inc. <https://www.joomla.org> 7 * @license GNU General Public License version 2 or later; see LICENSE.txt 8 */ 9 10 namespace Joomla\CMS\Authentication\Password; 11 12 use Joomla\Authentication\Password\HandlerInterface; 13 use Joomla\CMS\Crypt\Crypt; 14 use Joomla\CMS\User\UserHelper; 15 16 // phpcs:disable PSR1.Files.SideEffects 17 \defined('JPATH_PLATFORM') or die; 18 // phpcs:enable PSR1.Files.SideEffects 19 20 /** 21 * Password handler for MD5 hashed passwords 22 * 23 * @since 4.0.0 24 * @deprecated 5.0 Support for MD5 hashed passwords will be removed 25 */ 26 class MD5Handler implements HandlerInterface, CheckIfRehashNeededHandlerInterface 27 { 28 /** 29 * Check if the password requires rehashing 30 * 31 * @param string $hash The password hash to check 32 * 33 * @return boolean 34 * 35 * @since 4.0.0 36 */ 37 public function checkIfRehashNeeded(string $hash): bool 38 { 39 return true; 40 } 41 42 /** 43 * Generate a hash for a plaintext password 44 * 45 * @param string $plaintext The plaintext password to validate 46 * @param array $options Options for the hashing operation 47 * 48 * @return string 49 * 50 * @since 4.0.0 51 */ 52 public function hashPassword($plaintext, array $options = []) 53 { 54 $salt = UserHelper::genRandomPassword(32); 55 $crypted = md5($plaintext . $salt); 56 57 return $crypted . ':' . $salt; 58 } 59 60 /** 61 * Check that the password handler is supported in this environment 62 * 63 * @return boolean 64 * 65 * @since 4.0.0 66 */ 67 public static function isSupported() 68 { 69 return true; 70 } 71 72 /** 73 * Validate a password 74 * 75 * @param string $plaintext The plain text password to validate 76 * @param string $hashed The password hash to validate against 77 * 78 * @return boolean 79 * 80 * @since 4.0.0 81 */ 82 public function validatePassword($plaintext, $hashed) 83 { 84 // Check the password 85 $parts = explode(':', $hashed); 86 $salt = @$parts[1]; 87 88 // Compile the hash to compare 89 // If the salt is empty AND there is a ':' in the original hash, we must append ':' at the end 90 $testcrypt = md5($plaintext . $salt) . ($salt ? ':' . $salt : (strpos($hashed, ':') !== false ? ':' : '')); 91 92 return Crypt::timingSafeCompare($hashed, $testcrypt); 93 } 94 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
Generated: Wed Sep 7 05:41:13 2022 | Chilli.vc Blog - For Webmaster,Blog-Writer,System Admin and Domainer |