Use the new JCryptPassword in JUser. Deprecate the old way.

commit ca1288c1d3801474bb4d4b8201380a99155890fd 1 parent 3d84f34
@realityking authored
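--- a/libraries/joomla/crypt/crypt.php
+++ b/libraries/joomla/crypt/crypt.php
@@ -235,4 +235,37 @@ public static function genRandomBytes($length = 16)
 return substr($randomStr, 0, $length);
 }
+
+ /**
+ * Generate a random password
+ *
+ * @param integer $length Length of the password to generate
+ *
+ * @return string Random Password
+ *
+ * @since 12.2
+ */
+ public static function genRandomPassword($length = 8)
+ {
+ $salt = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+ $base = strlen($salt);
+ $makepass = '';
+
+ /*
+ * Start with a cryptographic strength random string, then convert it to
+ * a string with the numeric base of the salt.
+ * Shift the base conversion on each character so the character
+ * distribution is even, and randomize the start shift so it's not
+ * predictable.
+ */
+ $random = self::genRandomBytes($length + 1);
+ $shift = ord($random[0]);
+ for ($i = 1; $i <= $length; ++$i)
+ {
+ $makepass .= $salt[($shift + ord($random[$i])) % $base];
+ $shift += ord($random[$i]);
+ }
+
+ return $makepass;
+ }
 }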
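Review bot: The block comment in `genRandomPassword()` says the running `$shift` makes the character distribution even, but the shift only hides the modulo bias and does not remove it. `ord($random[$i])` takes 256 values and `$base` is 62, so the offset from one output character to the next is `ord($random[$i]) % 62`, where residues 0–7 occur 5 times in 256 and the others 4 times. Since this method is now the shared source for generated passwords and, through `JCryptPasswordSimple::getSalt()`, for salts, I would drop the shift and reject bytes at or above the largest multiple of `$base`, as sketched below. The docblock could also state that the output alphabet is `[a-zA-Z0-9]`, since other code now depends on it.

```php
public static function genRandomPassword($length = 8)
{
    // … unchanged: $salt, $base and $makepass initialisation …

    // Bytes at or above $limit would make the low residues more likely, so they are skipped.
    $limit = 256 - (256 % $base);

    while (strlen($makepass) < $length)
    {
        $random = self::genRandomBytes($length);

        for ($i = 0; $i < $length && strlen($makepass) < $length; ++$i)
        {
            $byte = ord($random[$i]);

            if ($byte < $limit)
            {
                $makepass .= $salt[$byte % $base];
            }
        }
    }

    return $makepass;
}
```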
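--- a/libraries/joomla/crypt/password/simple.php
+++ b/libraries/joomla/crypt/password/simple.php
@@ -97,11 +97,7 @@ public function setCost($cost)
 */
 protected function getSalt($length)
 {
- $bytes = ceil($length * 6 / 8);
-
- $randomData = str_replace('+', '.', base64_encode(JCrypt::getRandomBytes($bytes)));
-
- return substr($randomData, 0, $length);
+ return JCrypt::genRandomPassword($length);
 }
 /**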
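Review bot: `getSalt()` now depends on the password generator's alphabet, and nothing in this hunk states that assumption. `JCrypt::genRandomPassword()` currently emits only `[a-zA-Z0-9]`, which looks safe for the hash formats this class builds (they are not visible here), but if that alphabet is later widened with punctuation to strengthen generated passwords, the salts produced here would change format without any error. A comment above the return would pin the coupling: `// Salt relies on genRandomPassword() returning only [a-zA-Z0-9]; keep the two in step.` The docblock of `getSalt()` starts outside the hunk.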
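--- a/libraries/joomla/user/helper.php
+++ b/libraries/joomla/user/helper.php
@@ -299,9 +299,12 @@ public static function getUserId($username)
 * @return string The encrypted password.
 *
 * @since 11.1
+ * @deprecated 13.3 Use a class implementing JCryptPassword instead.
 */
 public static function getCryptedPassword($plaintext, $salt = '', $encryption = 'md5-hex', $show_encrypt = false)
 {
+ JLog::add('JUserHelper::getCryptedPassword() is deprecated. Use a class implementing JCryptPassword instead.', JLog::WARNING, 'deprecated');
+
 // Get the salt to use.
 $salt = self::getSalt($encryption, $salt, $plaintext);
@@ -402,9 +405,12 @@ public static function getCryptedPassword($plaintext, $salt = '', $encryption =
 * @return string The generated or extracted salt.
 *
 * @since 11.1
+ * @deprecated 13.3 Use a class implementing JCryptPassword instead.
 */
 public static function getSalt($encryption = 'md5-hex', $seed = '', $plaintext = '')
 {
+ JLog::add('JUserHelper::getSalt() is deprecated. Use a class implementing JCryptPassword instead.', JLog::WARNING, 'deprecated');
+
 // Encrypt the password.
 switch ($encryption)
 {
@@ -501,29 +507,13 @@ public static function getSalt($encryption = 'md5-hex', $seed = '', $plaintext =
 * @return string Random Password
 *
 * @since 11.1
+ * @deprecated 13.3 Use JCrypt::genRandomPassword instead.
 */
 public static function genRandomPassword($length = 8)
 {
- $salt = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
- $base = strlen($salt);
- $makepass = '';
-
- /*
- * Start with a cryptographic strength random string, then convert it to
- * a string with the numeric base of the salt.
- * Shift the base conversion on each character so the character
- * distribution is even, and randomize the start shift so it's not
- * predictable.
- */
- $random = JCrypt::genRandomBytes($length + 1);
- $shift = ord($random[0]);
- for ($i = 1; $i <= $length; ++$i)
- {
- $makepass .= $salt[($shift + ord($random[$i])) % $base];
- $shift += ord($random[$i]);
- }
+ JLog::add('JUserHelper::genRandomPassword() is deprecated. Use JCrypt::genRandomPassword() instead.', JLog::WARNING, 'deprecated');
- return $makepass;
+ return JCrypt::genRandomPassword($length);
 }
 /**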
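Review bot: `getCryptedPassword()` keeps `$encryption = 'md5-hex'` as its default, and the deprecation added in the first hunk is only a `JLog::WARNING` entry in the `deprecated` category, so existing callers go on getting that scheme unless someone watches that log. The method also calls `self::getSalt()` two lines later, which now logs its own deprecation, so each call writes two entries. I would put the reason in the tag so it shows up in generated API docs, e.g. `@deprecated 13.3 Default scheme ('md5-hex') is weak; use a class implementing JCryptPassword instead.` The bodies of `getCryptedPassword()` and `getSalt()` continue outside the hunks.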
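--- a/libraries/joomla/user/user.php
+++ b/libraries/joomla/user/user.php
@@ -551,14 +551,11 @@ public function bind(&$array)
 return false;
 }
+ $pwCrypt = new JCryptPasswordSimple;
 $this->password_clear = JArrayHelper::getValue($array, 'password', '', 'string');
-
- $salt = JUserHelper::genRandomPassword(32);
- $crypt = JUserHelper::getCryptedPassword($array['password'], $salt);
- $array['password'] = $crypt . ':' . $salt;
+ $array['password'] = $pwCrypt->create($array['password'], JCryptPassword::JOOMLA);
 // Set the registration timestamp
-
 $this->set('registerDate', JFactory::getDate()->toSql());
 // Check that username is not greater than 150 characters
@@ -589,10 +586,8 @@ public function bind(&$array)
 }
 $this->password_clear = JArrayHelper::getValue($array, 'password', '', 'string');
-
- $salt = JUserHelper::genRandomPassword(32);
- $crypt = JUserHelper::getCryptedPassword($array['password'], $salt);
- $array['password'] = $crypt . ':' . $salt;
+ $pwCrypt = new JCryptPasswordSimple;
+ $array['password'] = $pwCrypt->create($array['password'], JCryptPassword::JOOMLA);
 }
 else
 {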
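Review bot: Both `bind()` hunks pass `JCryptPassword::JOOMLA` to `create()`, which, judging by the removed `$crypt . ':' . $salt` lines, presumably keeps new passwords in the legacy `hash:salt` format of the old `md5-hex` default rather than moving them to a stronger scheme. If that is deliberate for compatibility, say so at the call site, e.g. `// JOOMLA keeps the legacy hash:salt format; changing the type constant here is what upgrades new passwords.` The new lines also read `$array['password']` directly, right after `password_clear` has been filled through `JArrayHelper::getValue(..., 'string')`. Using `$pwCrypt->create($this->password_clear, JCryptPassword::JOOMLA);` would hash the same cast value that is kept. `bind()` starts and ends outside both hunks.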