search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
fix calendar css, take 2. (#213)
[openemr.git] / interface / modules / zend_modules / library / Zend / Crypt / Password / Apache.php
blob7a0cd12fbb48749e9475f968ed7582af69ffb41c
1 <?php
2 /**
3 * Zend Framework (http://framework.zend.com/)
4 *
5 * @link http://github.com/zendframework/zf2 for the canonical source repository
6 * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
7 * @license http://framework.zend.com/license/new-bsd New BSD License
8 */
9
10 namespace Zend\Crypt\Password;
11
12 use Traversable;
13 use Zend\Math\Rand;
14 use Zend\Crypt\Utils;
15
16 /**
17 * Apache password authentication
18 *
19 * @see http://httpd.apache.org/docs/2.2/misc/password_encryptions.html
20 */
21 class Apache implements PasswordInterface
22 {
23 const BASE64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
24 const ALPHA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
25
26 /**
27 * @var array
28 */
29 protected $supportedFormat = array(
30 'crypt',
31 'sha1',
32 'md5',
33 'digest',
34 );
35
36 /**
37 * @var string
38 */
39 protected $format;
40
41 /**
42 * @var string AuthName (realm) for digest authentication
43 */
44 protected $authName;
45
46 /**
47 * @var string UserName
48 */
49 protected $userName;
50
51 /**
52 * Constructor
53 *
54 * @param array|Traversable $options
55 * @throws Exception\InvalidArgumentException
56 */
57 public function __construct($options = array())
58 {
59 if (empty($options)) {
60 return;
61 }
62 if (!is_array($options) && !$options instanceof Traversable) {
63 throw new Exception\InvalidArgumentException(
64 'The options parameter must be an array or a Traversable'
65 );
66 }
67 foreach ($options as $key => $value) {
68 switch (strtolower($key)) {
69 case 'format':
70 $this->setFormat($value);
71 break;
72 case 'authname':
73 $this->setAuthName($value);
74 break;
75 case 'username':
76 $this->setUserName($value);
77 break;
78 }
79 }
80 }
81
82 /**
83 * Generate the hash of a password
84 *
85 * @param string $password
86 * @throws Exception\RuntimeException
87 * @return string
88 */
89 public function create($password)
90 {
91 if (empty($this->format)) {
92 throw new Exception\RuntimeException(
93 'You must specify a password format'
94 );
95 }
96 switch ($this->format) {
97 case 'crypt':
98 $hash = crypt($password, Rand::getString(2, self::ALPHA64));
99 break;
100 case 'sha1':
101 $hash = '{SHA}' . base64_encode(sha1($password, true));
102 break;
103 case 'md5':
104 $hash = $this->apr1Md5($password);
105 break;
106 case 'digest':
107 if (empty($this->userName) || empty($this->authName)) {
108 throw new Exception\RuntimeException(
109 'You must specify UserName and AuthName (realm) to generate the digest'
110 );
111 }
112 $hash = md5($this->userName . ':' . $this->authName . ':' .$password);
113 break;
114 }
115
116 return $hash;
117 }
118
119 /**
120 * Verify if a password is correct against a hash value
121 *
122 * @param string $password
123 * @param string $hash
124 * @return bool
125 */
126 public function verify($password, $hash)
127 {
128 if (substr($hash, 0, 5) === '{SHA}') {
129 $hash2 = '{SHA}' . base64_encode(sha1($password, true));
130 return Utils::compareStrings($hash, $hash2);
131 }
132
133 if (substr($hash, 0, 6) === '$apr1$') {
134 $token = explode('$', $hash);
135 if (empty($token[2])) {
136 throw new Exception\InvalidArgumentException(
137 'The APR1 password format is not valid'
138 );
139 }
140 $hash2 = $this->apr1Md5($password, $token[2]);
141 return Utils::compareStrings($hash, $hash2);
142 }
143
144 $bcryptPattern = '/\$2[ay]?\$[0-9]{2}\$[' . addcslashes(static::BASE64, '+/') . '\.]{53}/';
145
146 if (strlen($hash) > 13 && ! preg_match($bcryptPattern, $hash)) { // digest
147 if (empty($this->userName) || empty($this->authName)) {
148 throw new Exception\RuntimeException(
149 'You must specify UserName and AuthName (realm) to verify the digest'
150 );
151 }
152 $hash2 = md5($this->userName . ':' . $this->authName . ':' .$password);
153 return Utils::compareStrings($hash, $hash2);
154 }
155
156 return Utils::compareStrings($hash, crypt($password, $hash));
157 }
158
159 /**
160 * Set the format of the password
161 *
162 * @param string $format
163 * @throws Exception\InvalidArgumentException
164 * @return Apache
165 */
166 public function setFormat($format)
167 {
168 $format = strtolower($format);
169 if (!in_array($format, $this->supportedFormat)) {
170 throw new Exception\InvalidArgumentException(sprintf(
171 'The format %s specified is not valid. The supported formats are: %s',
172 $format,
173 implode(',', $this->supportedFormat)
174 ));
175 }
176 $this->format = $format;
177
178 return $this;
179 }
180
181 /**
182 * Get the format of the password
183 *
184 * @return string
185 */
186 public function getFormat()
187 {
188 return $this->format;
189 }
190
191 /**
192 * Set the AuthName (for digest authentication)
193 *
194 * @param string $name
195 * @return Apache
196 */
197 public function setAuthName($name)
198 {
199 $this->authName = $name;
200
201 return $this;
202 }
203
204 /**
205 * Get the AuthName (for digest authentication)
206 *
207 * @return string
208 */
209 public function getAuthName()
210 {
211 return $this->authName;
212 }
213
214 /**
215 * Set the username
216 *
217 * @param string $name
218 * @return Apache
219 */
220 public function setUserName($name)
221 {
222 $this->userName = $name;
223
224 return $this;
225 }
226
227 /**
228 * Get the username
229 *
230 * @return string
231 */
232 public function getUserName()
233 {
234 return $this->userName;
235 }
236
237 /**
238 * Convert a binary string using the alphabet "./0-9A-Za-z"
239 *
240 * @param string $value
241 * @return string
242 */
243 protected function toAlphabet64($value)
244 {
245 return strtr(strrev(substr(base64_encode($value), 2)), self::BASE64, self::ALPHA64);
246 }
247
248 /**
249 * APR1 MD5 algorithm
250 *
251 * @param string $password
252 * @param null|string $salt
253 * @return string
254 */
255 protected function apr1Md5($password, $salt = null)
256 {
257 if (null === $salt) {
258 $salt = Rand::getString(8, self::ALPHA64);
259 } else {
260 if (strlen($salt) !== 8) {
261 throw new Exception\InvalidArgumentException(
262 'The salt value for APR1 algorithm must be 8 characters long'
263 );
264 }
265 for ($i = 0; $i < 8; $i++) {
266 if (strpos(self::ALPHA64, $salt[$i]) === false) {
267 throw new Exception\InvalidArgumentException(
268 'The salt value must be a string in the alphabet "./0-9A-Za-z"'
269 );
270 }
271 }
272 }
273 $len = strlen($password);
274 $text = $password . '$apr1$' . $salt;
275 $bin = pack("H32", md5($password . $salt . $password));
276 for ($i = $len; $i > 0; $i -= 16) {
277 $text .= substr($bin, 0, min(16, $i));
278 }
279 for ($i = $len; $i > 0; $i >>= 1) {
280 $text .= ($i & 1) ? chr(0) : $password[0];
281 }
282 $bin = pack("H32", md5($text));
283 for ($i = 0; $i < 1000; $i++) {
284 $new = ($i & 1) ? $password : $bin;
285 if ($i % 3) {
286 $new .= $salt;
287 }
288 if ($i % 7) {
289 $new .= $password;
290 }
291 $new .= ($i & 1) ? $bin : $password;
292 $bin = pack("H32", md5($new));
293 }
294 $tmp = '';
295 for ($i = 0; $i < 5; $i++) {
296 $k = $i + 6;
297 $j = $i + 12;
298 if ($j == 16) {
299 $j = 5;
300 }
301 $tmp = $bin[$i] . $bin[$k] . $bin[$j] . $tmp;
302 }
303 $tmp = chr(0) . chr(0) . $bin[11] . $tmp;
304
305 return '$apr1$' . $salt . '$' . $this->toAlphabet64($tmp);
306 }
307 }
Mirror of official OpenEMR Sourceforge repository