Migration complete
This commit is contained in:
91
Authentication/WordPress.php
Normal file
91
Authentication/WordPress.php
Normal file
@@ -0,0 +1,91 @@
|
||||
<?php
|
||||
|
||||
namespace RomhackPlaza\Master\Authentication;
|
||||
|
||||
use XF\Authentication\AbstractAuth;
|
||||
|
||||
class WordPress extends AbstractAuth
|
||||
{
|
||||
|
||||
private const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
|
||||
|
||||
public function generate($password)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
public function authenticate($userId, $password)
|
||||
{
|
||||
if (!is_string($password) || $password === '' || empty($this->data) ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return $this->verifyPassword($password, $this->data['hash']);
|
||||
|
||||
}
|
||||
|
||||
private function verifyPassword($password, $storedHash): bool
|
||||
{
|
||||
if( str_starts_with($storedHash, '$wp') ){
|
||||
$passwordToVerify = base64_encode( hash_hmac( 'sha384', $password, 'wp-sha384', true ) );
|
||||
return password_verify( $passwordToVerify, substr($storedHash, 3) );
|
||||
}
|
||||
|
||||
if (str_starts_with($storedHash, '$2y$') || str_starts_with($storedHash, '$2a$') || str_starts_with($storedHash, '$2b$')) {
|
||||
return password_verify($password, $storedHash);
|
||||
}
|
||||
|
||||
if (strlen($storedHash) === 34 && (str_starts_with($storedHash, '$P$') || str_starts_with($storedHash, '$H$'))) {
|
||||
return $this->verifyPhpass($password, $storedHash);
|
||||
}
|
||||
|
||||
if (strlen($storedHash) <= 32) {
|
||||
return hash_equals($storedHash, md5($password));
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
private function verifyPhpass(string $password, string $storedHash): bool
|
||||
{
|
||||
$itoa64 = self::ITOA64;
|
||||
$countLog2 = strpos($itoa64, $storedHash[3]);
|
||||
if ($countLog2 < 7 || $countLog2 > 30) return false;
|
||||
|
||||
$count = 1 << $countLog2;
|
||||
$salt = substr($storedHash, 4, 8);
|
||||
if (strlen($salt) !== 8) return false;
|
||||
|
||||
$hash = md5($salt . $password, true);
|
||||
do {
|
||||
$hash = md5($hash . $password, true);
|
||||
} while (--$count);
|
||||
|
||||
$output = substr($storedHash, 0, 12) . self::encode64($hash, $itoa64);
|
||||
return hash_equals($storedHash, $output);
|
||||
}
|
||||
|
||||
private function encode64(string $input, string $itoa64): string
|
||||
{
|
||||
$output = '';
|
||||
$i = 0;
|
||||
$count = strlen($input);
|
||||
do {
|
||||
$value = ord($input[$i++]);
|
||||
$output .= $itoa64[$value & 0x3f];
|
||||
if ($i < $count) $value |= ord($input[$i]) << 8;
|
||||
$output .= $itoa64[($value >> 6) & 0x3f];
|
||||
if ($i++ >= $count) break;
|
||||
if ($i < $count) $value |= ord($input[$i]) << 16;
|
||||
$output .= $itoa64[($value >> 12) & 0x3f];
|
||||
if ($i++ >= $count) break;
|
||||
$output .= $itoa64[($value >> 18) & 0x3f];
|
||||
} while ($i < $count);
|
||||
return $output;
|
||||
}
|
||||
|
||||
public function getAuthenticationName()
|
||||
{
|
||||
return 'RomhackPlaza\Master:WordPress';
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user