| [ Index ] |
PHP Cross Reference of Joomla 1.5.26 DE |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * @version $Id:helper.php 6961 2007-03-15 16:06:53Z tcp $ 4 * @package Joomla.Framework 5 * @subpackage User 6 * @copyright Copyright (C) 2005 - 2012 Open Source Matters. All rights reserved. 7 * @license GNU/GPL, see LICENSE.php 8 * Joomla! is free software. This version may have been modified pursuant 9 * to the GNU General Public License, and as distributed it includes or 10 * is derivative of works licensed under the GNU General Public License or 11 * other free or open source software licenses. 12 * See COPYRIGHT.php for copyright notices and details. 13 */ 14 defined('JPATH_BASE') or die(); 15 /** 16 * Authorization helper class, provides static methods to perform various tasks relevant 17 * to the Joomla user and authorization classes 18 * 19 * This class has influences and some method logic from the Horde Auth package 20 * 21 * @static 22 * @package Joomla.Framework 23 * @subpackage User 24 * @since 1.5 25 */ 26 class JUserHelper 27 { 28 /** 29 * Method to activate a user 30 * 31 * @param string $activation Activation string 32 * @return boolean True on success 33 * @since 1.5 34 */ 35 function activateUser($activation) 36 { 37 //Initialize some variables 38 $db = & JFactory::getDBO(); 39 40 // Lets get the id of the user we want to activate 41 $query = 'SELECT id' 42 . ' FROM #__users' 43 . ' WHERE activation = '.$db->Quote($activation) 44 . ' AND block = 1' 45 . ' AND lastvisitDate = '.$db->Quote('0000-00-00 00:00:00'); 46 ; 47 $db->setQuery( $query ); 48 $id = intval( $db->loadResult() ); 49 50 // Is it a valid user to activate? 51 if ($id) 52 { 53 $user =& JUser::getInstance( (int) $id ); 54 55 $user->set('block', '0'); 56 $user->set('activation', ''); 57 58 // Time to take care of business.... store the user. 59 if (!$user->save()) 60 { 61 JError::raiseWarning( "SOME_ERROR_CODE", $user->getError() ); 62 return false; 63 } 64 } 65 else 66 { 67 JError::raiseWarning( "SOME_ERROR_CODE", JText::_('UNABLE TO FIND A USER WITH GIVEN ACTIVATION STRING') ); 68 return false; 69 } 70 71 return true; 72 } 73 74 /** 75 * Returns userid if a user exists 76 * 77 * @param string The username to search on 78 * @return int The user id or 0 if not found 79 */ 80 function getUserId($username) 81 { 82 // Initialize some variables 83 $db = & JFactory::getDBO(); 84 85 $query = 'SELECT id FROM #__users WHERE username = ' . $db->Quote( $username ); 86 $db->setQuery($query, 0, 1); 87 return $db->loadResult(); 88 } 89 90 /** 91 * Formats a password using the current encryption. 92 * 93 * @access public 94 * @param string $plaintext The plaintext password to encrypt. 95 * @param string $salt The salt to use to encrypt the password. [] 96 * If not present, a new salt will be 97 * generated. 98 * @param string $encryption The kind of pasword encryption to use. 99 * Defaults to md5-hex. 100 * @param boolean $show_encrypt Some password systems prepend the kind of 101 * encryption to the crypted password ({SHA}, 102 * etc). Defaults to false. 103 * 104 * @return string The encrypted password. 105 */ 106 function getCryptedPassword($plaintext, $salt = '', $encryption = 'md5-hex', $show_encrypt = false) 107 { 108 // Get the salt to use. 109 $salt = JUserHelper::getSalt($encryption, $salt, $plaintext); 110 111 // Encrypt the password. 112 switch ($encryption) 113 { 114 case 'plain' : 115 return $plaintext; 116 117 case 'sha' : 118 $encrypted = base64_encode(mhash(MHASH_SHA1, $plaintext)); 119 return ($show_encrypt) ? '{SHA}'.$encrypted : $encrypted; 120 121 case 'crypt' : 122 case 'crypt-des' : 123 case 'crypt-md5' : 124 case 'crypt-blowfish' : 125 return ($show_encrypt ? '{crypt}' : '').crypt($plaintext, $salt); 126 127 case 'md5-base64' : 128 $encrypted = base64_encode(mhash(MHASH_MD5, $plaintext)); 129 return ($show_encrypt) ? '{MD5}'.$encrypted : $encrypted; 130 131 case 'ssha' : 132 $encrypted = base64_encode(mhash(MHASH_SHA1, $plaintext.$salt).$salt); 133 return ($show_encrypt) ? '{SSHA}'.$encrypted : $encrypted; 134 135 case 'smd5' : 136 $encrypted = base64_encode(mhash(MHASH_MD5, $plaintext.$salt).$salt); 137 return ($show_encrypt) ? '{SMD5}'.$encrypted : $encrypted; 138 139 case 'aprmd5' : 140 $length = strlen($plaintext); 141 $context = $plaintext.'$apr1$'.$salt; 142 $binary = JUserHelper::_bin(md5($plaintext.$salt.$plaintext)); 143 144 for ($i = $length; $i > 0; $i -= 16) { 145 $context .= substr($binary, 0, ($i > 16 ? 16 : $i)); 146 } 147 for ($i = $length; $i > 0; $i >>= 1) { 148 $context .= ($i & 1) ? chr(0) : $plaintext[0]; 149 } 150 151 $binary = JUserHelper::_bin(md5($context)); 152 153 for ($i = 0; $i < 1000; $i ++) { 154 $new = ($i & 1) ? $plaintext : substr($binary, 0, 16); 155 if ($i % 3) { 156 $new .= $salt; 157 } 158 if ($i % 7) { 159 $new .= $plaintext; 160 } 161 $new .= ($i & 1) ? substr($binary, 0, 16) : $plaintext; 162 $binary = JUserHelper::_bin(md5($new)); 163 } 164 165 $p = array (); 166 for ($i = 0; $i < 5; $i ++) { 167 $k = $i +6; 168 $j = $i +12; 169 if ($j == 16) { 170 $j = 5; 171 } 172 $p[] = JUserHelper::_toAPRMD5((ord($binary[$i]) << 16) | (ord($binary[$k]) << 8) | (ord($binary[$j])), 5); 173 } 174 175 return '$apr1$'.$salt.'$'.implode('', $p).JUserHelper::_toAPRMD5(ord($binary[11]), 3); 176 177 case 'md5-hex' : 178 default : 179 $encrypted = ($salt) ? md5($plaintext.$salt) : md5($plaintext); 180 return ($show_encrypt) ? '{MD5}'.$encrypted : $encrypted; 181 } 182 } 183 184 /** 185 * Returns a salt for the appropriate kind of password encryption. 186 * Optionally takes a seed and a plaintext password, to extract the seed 187 * of an existing password, or for encryption types that use the plaintext 188 * in the generation of the salt. 189 * 190 * @access public 191 * @param string $encryption The kind of pasword encryption to use. 192 * Defaults to md5-hex. 193 * @param string $seed The seed to get the salt from (probably a 194 * previously generated password). Defaults to 195 * generating a new seed. 196 * @param string $plaintext The plaintext password that we're generating 197 * a salt for. Defaults to none. 198 * 199 * @return string The generated or extracted salt. 200 */ 201 function getSalt($encryption = 'md5-hex', $seed = '', $plaintext = '') 202 { 203 // Encrypt the password. 204 switch ($encryption) 205 { 206 case 'crypt' : 207 case 'crypt-des' : 208 if ($seed) { 209 return substr(preg_replace('|^{crypt}|i', '', $seed), 0, 2); 210 } else { 211 return substr(md5(mt_rand()), 0, 2); 212 } 213 break; 214 215 case 'crypt-md5' : 216 if ($seed) { 217 return substr(preg_replace('|^{crypt}|i', '', $seed), 0, 12); 218 } else { 219 return '$1$'.substr(md5(mt_rand()), 0, 8).'$'; 220 } 221 break; 222 223 case 'crypt-blowfish' : 224 if ($seed) { 225 return substr(preg_replace('|^{crypt}|i', '', $seed), 0, 16); 226 } else { 227 return '$2$'.substr(md5(mt_rand()), 0, 12).'$'; 228 } 229 break; 230 231 case 'ssha' : 232 if ($seed) { 233 return substr(preg_replace('|^{SSHA}|', '', $seed), -20); 234 } else { 235 return mhash_keygen_s2k(MHASH_SHA1, $plaintext, substr(pack('h*', md5(mt_rand())), 0, 8), 4); 236 } 237 break; 238 239 case 'smd5' : 240 if ($seed) { 241 return substr(preg_replace('|^{SMD5}|', '', $seed), -16); 242 } else { 243 return mhash_keygen_s2k(MHASH_MD5, $plaintext, substr(pack('h*', md5(mt_rand())), 0, 8), 4); 244 } 245 break; 246 247 case 'aprmd5' : 248 /* 64 characters that are valid for APRMD5 passwords. */ 249 $APRMD5 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; 250 251 if ($seed) { 252 return substr(preg_replace('/^\$apr1\$(.{8}).*/', '\\1', $seed), 0, 8); 253 } else { 254 $salt = ''; 255 for ($i = 0; $i < 8; $i ++) { 256 $salt .= $APRMD5 { 257 rand(0, 63) 258 }; 259 } 260 return $salt; 261 } 262 break; 263 264 default : 265 $salt = ''; 266 if ($seed) { 267 $salt = $seed; 268 } 269 return $salt; 270 break; 271 } 272 } 273 274 /** 275 * Generate a random password on PHP4 276 * The password is not truely random, but the best we can do for PHP4. 277 * To get a stronger random number, use PHP5. 278 * 279 * @static 280 * @param int $length Length of the password to generate 281 * @return string Random Password 282 * @since 1.5.26 283 */ 284 function genRandomPasswordPHP4($length = 8) 285 { 286 $salt = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; 287 $len = strlen($salt); 288 $makepass = ''; 289 290 for ($i = 0; $i < $length; $i ++) { 291 $makepass .= $salt[mt_rand(0, $len -1)]; 292 } 293 294 return $makepass; 295 } 296 297 /** 298 * Generate a random password 299 * This method is secure. 300 * 301 * @static 302 * @param int $length Length of the password to generate 303 * @return string Random Password 304 * @since 1.5.26 305 */ 306 function genRandomPasswordPHP5($length = 8) 307 { 308 $salt = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; 309 $base = strlen($salt); 310 $makepass = ''; 311 312 /* 313 * Start with a cryptographic strength random string, then convert it to 314 * a string with the numeric base of the salt. 315 * Shift the base conversion on each character so the character 316 * distribution is even, and randomize the start shift so it's not 317 * predictable. 318 */ 319 jimport('joomla.crypt.crypt'); 320 $random = JCrypt::genRandomBytes($length + 1); 321 $shift = ord($random[0]); 322 323 for ($i = 1; $i <= $length; ++$i) 324 { 325 $makepass .= $salt[($shift + ord($random[$i])) % $base]; 326 $shift += ord($random[$i]); 327 } 328 329 return $makepass; 330 } 331 332 /** 333 * Generate a random password 334 * 335 * @static 336 * @param int $length Length of the password to generate 337 * @return string Random Password 338 * @since 1.5 339 */ 340 function genRandomPassword($length = 8) 341 { 342 if (version_compare(PHP_VERSION, '5.0.0', '<')) { 343 return $makepass = JUserHelper::genRandomPasswordPHP4($length); 344 } 345 else { 346 return $makepass = JUserHelper::genRandomPasswordPHP5($length); 347 } 348 } 349 350 /** 351 * Converts to allowed 64 characters for APRMD5 passwords. 352 * 353 * @access private 354 * @param string $value 355 * @param integer $count 356 * @return string $value converted to the 64 MD5 characters. 357 * @since 1.5 358 */ 359 function _toAPRMD5($value, $count) 360 { 361 /* 64 characters that are valid for APRMD5 passwords. */ 362 $APRMD5 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; 363 364 $aprmd5 = ''; 365 $count = abs($count); 366 while (-- $count) { 367 $aprmd5 .= $APRMD5[$value & 0x3f]; 368 $value >>= 6; 369 } 370 return $aprmd5; 371 } 372 373 /** 374 * Converts hexadecimal string to binary data. 375 * 376 * @access private 377 * @param string $hex Hex data. 378 * @return string Binary data. 379 * @since 1.5 380 */ 381 function _bin($hex) 382 { 383 $bin = ''; 384 $length = strlen($hex); 385 for ($i = 0; $i < $length; $i += 2) { 386 $tmp = sscanf(substr($hex, $i, 2), '%x'); 387 $bin .= chr(array_shift($tmp)); 388 } 389 return $bin; 390 } 391 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Wed Mar 28 15:54:07 2012 | Cross-referenced by PHPXref 0.7.1 |