Files
XenForoRomhackPlazaAddon/Authentication/WordPress.php

91 lines
2.8 KiB
PHP
Raw Normal View History

2026-06-23 19:24:37 +02:00
<?php
namespace RomhackPlaza\Master\Authentication;
use XF\Authentication\AbstractAuth;
class WordPress extends AbstractAuth
{
private const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
public function generate($password)
{
return false;
}
public function authenticate($userId, $password)
{
if (!is_string($password) || $password === '' || empty($this->data) ) {
return false;
}
return $this->verifyPassword($password, $this->data['hash']);
}
private function verifyPassword($password, $storedHash): bool
{
if( str_starts_with($storedHash, '$wp') ){
$passwordToVerify = base64_encode( hash_hmac( 'sha384', $password, 'wp-sha384', true ) );
return password_verify( $passwordToVerify, substr($storedHash, 3) );
}
if (str_starts_with($storedHash, '$2y$') || str_starts_with($storedHash, '$2a$') || str_starts_with($storedHash, '$2b$')) {
return password_verify($password, $storedHash);
}
if (strlen($storedHash) === 34 && (str_starts_with($storedHash, '$P$') || str_starts_with($storedHash, '$H$'))) {
return $this->verifyPhpass($password, $storedHash);
}
if (strlen($storedHash) <= 32) {
return hash_equals($storedHash, md5($password));
}
return false;
}
private function verifyPhpass(string $password, string $storedHash): bool
{
$itoa64 = self::ITOA64;
$countLog2 = strpos($itoa64, $storedHash[3]);
if ($countLog2 < 7 || $countLog2 > 30) return false;
$count = 1 << $countLog2;
$salt = substr($storedHash, 4, 8);
if (strlen($salt) !== 8) return false;
$hash = md5($salt . $password, true);
do {
$hash = md5($hash . $password, true);
} while (--$count);
$output = substr($storedHash, 0, 12) . self::encode64($hash, $itoa64);
return hash_equals($storedHash, $output);
}
private function encode64(string $input, string $itoa64): string
{
$output = '';
$i = 0;
$count = strlen($input);
do {
$value = ord($input[$i++]);
$output .= $itoa64[$value & 0x3f];
if ($i < $count) $value |= ord($input[$i]) << 8;
$output .= $itoa64[($value >> 6) & 0x3f];
if ($i++ >= $count) break;
if ($i < $count) $value |= ord($input[$i]) << 16;
$output .= $itoa64[($value >> 12) & 0x3f];
if ($i++ >= $count) break;
$output .= $itoa64[($value >> 18) & 0x3f];
} while ($i < $count);
return $output;
}
public function getAuthenticationName()
{
return 'RomhackPlaza\Master:WordPress';
}
}