Browse files

MINOR: Fix coding conventions

  • Loading branch information...
1 parent f6c98b1 commit 0c0a91e3c1b5882a3a1514e748312394c5b7489c Andrew O'Neil committed May 8, 2012
Showing with 45 additions and 45 deletions.
  1. +44 −44 security/PasswordEncryptor.php
  2. +1 −1 tests/security/PasswordEncryptorTest.php
View
88 security/PasswordEncryptor.php
@@ -150,74 +150,74 @@ function encrypt($password, $salt = null, $member = null) {
// See: http://nz.php.net/security/crypt_blowfish.php
// There are three version of the algorithm - y, a and x, in order
// of decreasing security. Attempt to use the strongest version.
- $encrypted_password = $this->encrypt_y($password, $salt);
- if(!$encrypted_password) {
- $encrypted_password = $this->encrypt_a($password, $salt);
+ $encryptedPassword = $this->encryptY($password, $salt);
+ if(!$encryptedPassword) {
+ $encryptedPassword = $this->encryptA($password, $salt);
}
- if(!$encrypted_password) {
- $encrypted_password = $this->encrypt_x($password, $salt);
+ if(!$encryptedPassword) {
+ $encryptedPassword = $this->encryptX($password, $salt);
}
// We *never* want to generate blank passwords. If something
// goes wrong, throw an exception.
- if(strpos($encrypted_password, '$2') === false) {
+ if(strpos($encryptedPassword, '$2') === false) {
throw new PasswordEncryptor_EncryptionFailed('Blowfish password encryption failed.');
}
- return $encrypted_password;
+ return $encryptedPassword;
}
- function encrypt_x($password, $salt) {
- $method_and_salt = '$2x$' . $salt;
- $encrypted_password = crypt($password, $method_and_salt);
+ function encryptX($password, $salt) {
+ $methodAndSalt = '$2x$' . $salt;
+ $encryptedPassword = crypt($password, $methodAndSalt);
- if(strpos($encrypted_password, '$2x$') === 0) {
- return $encrypted_password;
+ if(strpos($encryptedPassword, '$2x$') === 0) {
+ return $encryptedPassword;
}
// Check if system a is actually x, and if available, use that.
- if($this->what_is_a() == 'x') {
- $method_and_salt = '$2a$' . $salt;
- $encrypted_password = crypt($password, $method_and_salt);
+ if($this->checkAEncryptionLevel() == 'x') {
+ $methodAndSalt = '$2a$' . $salt;
+ $encryptedPassword = crypt($password, $methodAndSalt);
- if(strpos($encrypted_password, '$2a$') === 0) {
- $encrypted_password = '$2x$' . substr($encrypted_password, strlen('$2a$'));
- return $encrypted_password;
+ if(strpos($encryptedPassword, '$2a$') === 0) {
+ $encryptedPassword = '$2x$' . substr($encryptedPassword, strlen('$2a$'));
+ return $encryptedPassword;
}
}
return false;
}
- function encrypt_y($password, $salt) {
- $method_and_salt = '$2y$' . $salt;
- $encrypted_password = crypt($password, $method_and_salt);
+ function encryptY($password, $salt) {
+ $methodAndSalt = '$2y$' . $salt;
+ $encryptedPassword = crypt($password, $methodAndSalt);
- if(strpos($encrypted_password, '$2y$') === 0) {
- return $encrypted_password;
+ if(strpos($encryptedPassword, '$2y$') === 0) {
+ return $encryptedPassword;
}
// Check if system a is actually y, and if available, use that.
- if($this->what_is_a() == 'y') {
- $method_and_salt = '$2a$' . $salt;
- $encrypted_password = crypt($password, $method_and_salt);
+ if($this->checkAEncryptionLevel() == 'y') {
+ $methodAndSalt = '$2a$' . $salt;
+ $encryptedPassword = crypt($password, $methodAndSalt);
- if(strpos($encrypted_password, '$2a$') === 0) {
- $encrypted_password = '$2y$' . substr($encrypted_password, strlen('$2a$'));
- return $encrypted_password;
+ if(strpos($encryptedPassword, '$2a$') === 0) {
+ $encryptedPassword = '$2y$' . substr($encryptedPassword, strlen('$2a$'));
+ return $encryptedPassword;
}
}
return false;
}
- function encrypt_a($password, $salt) {
- if($this->what_is_a() == 'a') {
- $method_and_salt = '$2a$' . $salt;
- $encrypted_password = crypt($password, $method_and_salt);
+ function encryptA($password, $salt) {
+ if($this->checkAEncryptionLevel() == 'a') {
+ $methodAndSalt = '$2a$' . $salt;
+ $encryptedPassword = crypt($password, $methodAndSalt);
- if(strpos($encrypted_password, '$2a$') === 0) {
- return $encrypted_password;
+ if(strpos($encryptedPassword, '$2a$') === 0) {
+ return $encryptedPassword;
}
}
@@ -230,16 +230,16 @@ function encrypt_a($password, $salt) {
* version, depending on the version of PHP and the operating system,
* so we need to test it.
*/
- function what_is_a() {
+ function checkAEncryptionLevel() {
// Test hashes taken from http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/glibc/crypt_blowfish/wrapper.c?rev=1.9.2.1;content-type=text%2Fplain
- $x_or_y = crypt("\xff\xa334\xff\xff\xff\xa3345", '$2a$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi') == '$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi';
- $y_or_a = crypt("\xa3", '$2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq') == '$2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq';
+ $xOrY = crypt("\xff\xa334\xff\xff\xff\xa3345", '$2a$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi') == '$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi';
+ $yOrA = crypt("\xa3", '$2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq') == '$2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq';
- if($x_or_y && $y_or_a) {
+ if($xOrY && $yOrA) {
return 'y';
- } elseif($x_or_y) {
+ } elseif($xOrY) {
return 'x';
- } elseif($y_or_a) {
+ } elseif($yOrA) {
return 'a';
}
@@ -253,11 +253,11 @@ function salt($password, $member = null) {
function check($hash, $password, $salt = null, $member = null) {
if(strpos($hash, '$2y$') === 0) {
- return $hash === $this->encrypt_y($password, $salt);
+ return $hash === $this->encryptY($password, $salt);
} elseif(strpos($hash, '$2a$') === 0) {
- return $hash === $this->encrypt_a($password, $salt);
+ return $hash === $this->encryptA($password, $salt);
} elseif(strpos($hash, '$2x$') === 0) {
- return $hash === $this->encrypt_x($password, $salt);
+ return $hash === $this->encryptX($password, $salt);
}
return false;
View
2 tests/security/PasswordEncryptorTest.php
@@ -67,7 +67,7 @@ function testEncryptorBlowfish() {
$password = 'mypassword';
$salt = '10$mysaltmustbetwen2chars';
- $this->assertTrue($e->what_is_a() == 'y' || $e->what_is_a() == 'x' || $e->what_is_a() == 'a');
+ $this->assertTrue($e->checkAEncryptionLevel() == 'y' || $e->checkAEncryptionLevel() == 'x' || $e->checkAEncryptionLevel() == 'a');
$this->assertTrue($e->check($e->encrypt($password, $salt), "mypassword", $salt));
$this->assertFalse($e->check($e->encrypt($password, $salt), "anotherpw", $salt));
$this->assertFalse($e->check($e->encrypt($password, $salt), "mypassword", '10$anothersaltetwen2chars'));

0 comments on commit 0c0a91e

Please sign in to comment.