/
CryptLib.php
154 lines (116 loc) · 4.51 KB
/
CryptLib.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
<?php
/**
* An example file demonstrating the use of the wrapper class CryptLib
*
* PHP version 5.3
*
* @category PHPCryptLib-Examples
* @package Core
* @author Anthony Ferrara <ircmaxell@ircmaxell.com>
* @copyright 2011 The Authors
* @license http://opensource.org/licenses/bsd-license.php New BSD License
* @license http://www.gnu.org/licenses/lgpl-2.1.html LGPL v 2.1
*/
/**
* Note, you do not need to use namespaces in your code to make use of the library.
* Namespaces are used here for separation separation only.
*/
namespace CryptLibExamples;
/**
* Since we're using the wrapper class, it will automatically instantiate the
* library without having to manually bootstrap the framework. Either way will
* work just fine. Even if you call both, it's smart enough to not double
* initialize the framework.
*/
require_once dirname(__DIR__) . '/lib/CryptLib/CryptLib.php';
/**
* There's no parameters to instantiate the class. Just instantiate it. Note the
* namespace prefix. You can import the class using a `use CryptLib\CryptLib`
* declaration at the top of the file, but this works just as well.
*/
$cryptLib = new \CryptLib\CryptLib;
/**
* Now we can do all sorts of things with the library. Let's start off by
* generating a random token. This could be a temporary password, a CSRF token, etc
*
* Note that the number in the input is the number of desired characters in the
* random output. So if you want 16 random characters, pass in 16. If you want
* 300, pass in 300.
*
* Also note that this generates medium strength random numbers. If you are using
* the generated numbers for encryption or for other sensitive needs, use the
* random generator class itself (see the Random/strings.php example).
*/
$token = $cryptLib->getRandomToken(16);
printf("\nHere's our token: %s\n", $token);
/**
* Now, let's generate a random number. This works just like `rand()` in that you
* can provide a min and a max to the function to put boundaries on the generated
* number's range.
*/
$number = $cryptLib->getRandomNumber();
printf("\nHere's a random number from 0 to PHP_INT_MAX: %d\n", $number);
/**
* Let's bound that to between 10 and 100...
*/
$number = $cryptLib->getRandomNumber(10, 100);
printf("\nHere's a random number from 10 to 100: %d\n", $number);
/**
* And we can also pick a random element from an array
*
* This is similar to array_rand, except that it uses a cryptographic secure RNG
* (which is likely overkill for most applications)
*/
$array = array('ab', 'bc', 'cd', 'de', 'ef', 'fg', 'gh');
$element = $cryptLib->getRandomArrayElement($array);
printf("\nHere's a random array element: %s\n", $element);
/**
* And we can randomize an array
*/
$array = array('a', 'b', 'c', 'd', 'e', 'f');
$newArray = $cryptLib->shuffleArray($array);
printf("\nHere's a randomized array: \n");
print_r($newArray);
printf("\nAnd here's the same arrays with incremental keys:\n");
print_r(array_values($newArray));
/**
* And we can randomize a string
*/
$string = 'abcdef';
$newString = $cryptLib->shuffleString($string);
printf("\nHere's our randomized string: %s\n", $newString);
/**
* Now, lets do some password hashing.
*/
$password = 'Password';
$hash = $cryptLib->createPasswordHash($password);
printf("\nHere's a hashed password: %s\n", $hash);
/**
* Let's verify the password. To show that nothing is saved, let's create a new
* instance of the CryptLib class.
*/
$cryptLib2 = new \CryptLib\CryptLib;
$result = $cryptLib2->verifyPasswordHash($password, $hash);
printf("\nThe result of the password check was: %s\n", $result ? 'successful' : 'not successful');
/**
* Let's use a different format. Let's try using Drupal's password hash
*/
$hash = $cryptLib->createPasswordHash($password, '$S$');
printf("\nHere's a Drupal hashed password: %s\n", $hash);
/**
* Let's verify the password. To show that nothing is saved, let's create a new
* instance of the CryptLib class.
*/
$result = $cryptLib2->verifyPasswordHash($password, $hash);
printf("\nThe result of the Drupal password check was: %s\n", $result ? 'successful' : 'not successful');
/**
* Let's use PBKDF2
*/
$hash = $cryptLib->createPasswordHash($password, '$pbkdf$');
printf("\nHere's a PBKDF2 hashed password: %s\n", $hash);
/**
* Let's verify the password. To show that nothing is saved, let's create a new
* instance of the CryptLib class.
*/
$result = $cryptLib2->verifyPasswordHash($password, $hash);
printf("\nThe result of the PBKDF2 password check was: %s\n", $result ? 'successful' : 'not successful');