Changeset 59030 for trunk/src/wp-includes/class-phpass.php
- Timestamp:
- 09/17/2024 09:06:30 PM (4 months ago)
- File:
-
- 1 edited
trunk/src/wp-includes/class-phpass.php
r55310 r59030 11 11 # Portable PHP password hashing framework. 12 12 # 13 # Version 0.5 / WordPress.13 # Version 0.5.4 / WordPress. 14 14 # 15 15 # Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in … … 52 52 $this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; 53 53 54 if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31) 54 if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31) { 55 55 $iteration_count_log2 = 8; 56 } 56 57 $this->iteration_count_log2 = $iteration_count_log2; 57 58 … … 59 60 60 61 $this->random_state = microtime(); 61 if (function_exists('getmypid')) 62 if (function_exists('getmypid')) { 62 63 $this->random_state .= getmypid(); 64 } 63 65 } 64 66 … … 97 99 $value = ord($input[$i++]); 98 100 $output .= $this->itoa64[$value & 0x3f]; 99 if ($i < $count) 101 if ($i < $count) { 100 102 $value |= ord($input[$i]) << 8; 103 } 101 104 $output .= $this->itoa64[($value >> 6) & 0x3f]; 102 if ($i++ >= $count) 105 if ($i++ >= $count) { 103 106 break; 104 if ($i < $count) 107 } 108 if ($i < $count) { 105 109 $value |= ord($input[$i]) << 16; 110 } 106 111 $output .= $this->itoa64[($value >> 12) & 0x3f]; 107 if ($i++ >= $count) 112 if ($i++ >= $count) { 108 113 break; 114 } 109 115 $output .= $this->itoa64[($value >> 18) & 0x3f]; 110 116 } while ($i < $count); … … 116 122 { 117 123 $output = '$P$'; 118 $output .= $this->itoa64[min($this->iteration_count_log2 + 119 ((PHP_VERSION >= '5') ? 
5 : 3),30)];124 $output .= $this->itoa64[min($this->iteration_count_log2 + 5, 125 30)]; 120 126 $output .= $this->encode64($input, 6); 121 127 … … 126 132 { 127 133 $output = '*0'; 128 if (substr($setting, 0, 2) === $output) 134 if (substr($setting, 0, 2) === $output) { 129 135 $output = '*1'; 136 } 130 137 131 138 $id = substr($setting, 0, 3); 132 139 # We use "$P$", phpBB3 uses "$H$" for the same thing 133 if ($id !== '$P$' && $id !== '$H$') 140 if ($id !== '$P$' && $id !== '$H$') { 134 141 return $output; 142 } 135 143 136 144 $count_log2 = strpos($this->itoa64, $setting[3]); 137 if ($count_log2 < 7 || $count_log2 > 30) 145 if ($count_log2 < 7 || $count_log2 > 30) { 138 146 return $output; 147 } 139 148 140 149 $count = 1 << $count_log2; 141 150 142 151 $salt = substr($setting, 4, 8); 143 if (strlen($salt) !== 8) 152 if (strlen($salt) !== 8) { 144 153 return $output; 154 } 145 155 146 156 # We were kind of forced to use MD5 here since it's the only … … 175 185 $output = '$2a$'; 176 186 $output .= chr((int)(ord('0') + $this->iteration_count_log2 / 10)); 177 $output .= chr( (ord('0') + $this->iteration_count_log2 % 10));187 $output .= chr(ord('0') + $this->iteration_count_log2 % 10); 178 188 $output .= '$'; 179 189 … … 214 224 $hash = 215 225 crypt($password, $this->gensalt_blowfish($random)); 216 if (strlen($hash) === 60) 226 if (strlen($hash) === 60) { 217 227 return $hash; 218 } 219 220 if (strlen($random) < 6) 228 } 229 } 230 231 if (strlen($random) < 6) { 221 232 $random = $this->get_random_bytes(6); 233 } 222 234 $hash = 223 235 $this->crypt_private($password, 224 236 $this->gensalt_private($random)); 225 if (strlen($hash) === 34) 237 if (strlen($hash) === 34) { 226 238 return $hash; 239 } 227 240 228 241 # Returning '*' on error is safe here, but would _not_ be safe … … 239 252 240 253 $hash = $this->crypt_private($password, $stored_hash); 241 if ($hash[0] === '*') 254 if ($hash[0] === '*') { 242 255 $hash = crypt($password, $stored_hash); 256 } 243 257 244 
258 # This is not constant-time. In order to keep the code simple,
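Review bot: CheckPassword() still ends in a comparison that the comment at new line 258 itself describes as not constant-time, and this sync with upstream leaves that unchanged. The comparing statement lies outside the visible hunk, so this is inferred from the comment. If it is a plain `===` between `$hash` and `$stored_hash`, replacing it with `return hash_equals($stored_hash, $hash);` removes the dependence on how many leading bytes match. `hash_equals()` rejects non-string arguments, so `$stored_hash` should be checked or cast to a string before the call, since it comes from the caller.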