91 lines
2.8 KiB
PHP
91 lines
2.8 KiB
PHP
<?php
|
|
|
|
namespace RomhackPlaza\Master\Authentication;
|
|
|
|
use XF\Authentication\AbstractAuth;
|
|
|
|
class WordPress extends AbstractAuth
|
|
{
|
|
|
|
private const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
|
|
|
|
public function generate($password)
|
|
{
|
|
return false;
|
|
}
|
|
|
|
public function authenticate($userId, $password)
|
|
{
|
|
if (!is_string($password) || $password === '' || empty($this->data) ) {
|
|
return false;
|
|
}
|
|
|
|
return $this->verifyPassword($password, $this->data['hash']);
|
|
|
|
}
|
|
|
|
private function verifyPassword($password, $storedHash): bool
|
|
{
|
|
if( str_starts_with($storedHash, '$wp') ){
|
|
$passwordToVerify = base64_encode( hash_hmac( 'sha384', $password, 'wp-sha384', true ) );
|
|
return password_verify( $passwordToVerify, substr($storedHash, 3) );
|
|
}
|
|
|
|
if (str_starts_with($storedHash, '$2y$') || str_starts_with($storedHash, '$2a$') || str_starts_with($storedHash, '$2b$')) {
|
|
return password_verify($password, $storedHash);
|
|
}
|
|
|
|
if (strlen($storedHash) === 34 && (str_starts_with($storedHash, '$P$') || str_starts_with($storedHash, '$H$'))) {
|
|
return $this->verifyPhpass($password, $storedHash);
|
|
}
|
|
|
|
if (strlen($storedHash) <= 32) {
|
|
return hash_equals($storedHash, md5($password));
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
private function verifyPhpass(string $password, string $storedHash): bool
|
|
{
|
|
$itoa64 = self::ITOA64;
|
|
$countLog2 = strpos($itoa64, $storedHash[3]);
|
|
if ($countLog2 < 7 || $countLog2 > 30) return false;
|
|
|
|
$count = 1 << $countLog2;
|
|
$salt = substr($storedHash, 4, 8);
|
|
if (strlen($salt) !== 8) return false;
|
|
|
|
$hash = md5($salt . $password, true);
|
|
do {
|
|
$hash = md5($hash . $password, true);
|
|
} while (--$count);
|
|
|
|
$output = substr($storedHash, 0, 12) . self::encode64($hash, $itoa64);
|
|
return hash_equals($storedHash, $output);
|
|
}
|
|
|
|
private function encode64(string $input, string $itoa64): string
|
|
{
|
|
$output = '';
|
|
$i = 0;
|
|
$count = strlen($input);
|
|
do {
|
|
$value = ord($input[$i++]);
|
|
$output .= $itoa64[$value & 0x3f];
|
|
if ($i < $count) $value |= ord($input[$i]) << 8;
|
|
$output .= $itoa64[($value >> 6) & 0x3f];
|
|
if ($i++ >= $count) break;
|
|
if ($i < $count) $value |= ord($input[$i]) << 16;
|
|
$output .= $itoa64[($value >> 12) & 0x3f];
|
|
if ($i++ >= $count) break;
|
|
$output .= $itoa64[($value >> 18) & 0x3f];
|
|
} while ($i < $count);
|
|
return $output;
|
|
}
|
|
|
|
public function getAuthenticationName()
|
|
{
|
|
return 'RomhackPlaza\Master:WordPress';
|
|
}
|
|
} |