mirror of
https://github.com/kamilwylegala/cakephp2-php8.git
synced 2025-09-05 19:12:42 +00:00
code optimizing and simplify _crypt(), see PR #853
This commit is contained in:
Ceeram
parent
2ab3a463cc
commit
0196c6f686
2 changed files with 36 additions and 54 deletions
|
|
@ -100,7 +100,6 @@ class SecurityTest extends CakeTestCase {
|
|||
*/
|
||||
public function testHashInvalidCost() {
|
||||
Security::setCost(1000);
|
||||
$result = Security::hash('somekey', 'blowfish', false);
|
||||
}
|
||||
/**
|
||||
* testHash method
|
||||
|
|
@ -179,6 +178,18 @@ class SecurityTest extends CakeTestCase {
|
|||
$hashedPassword = Security::hash($submittedPassword, null, $storedPassword);
|
||||
$this->assertNotSame($storedPassword, $hashedPassword);
|
||||
|
||||
$expected = sha1('customsaltsomevalue');
|
||||
$result = Security::hash('somevalue', 'sha1', 'customsalt');
|
||||
$this->assertSame($expected, $result);
|
||||
|
||||
$oldSalt = Configure::read('Security.salt');
|
||||
Configure::write('Security.salt', 'customsalt');
|
||||
|
||||
$expected = sha1('customsaltsomevalue');
|
||||
$result = Security::hash('somevalue', 'sha1', true);
|
||||
$this->assertSame($expected, $result);
|
||||
|
||||
Configure::write('Security.salt', $oldSalt);
|
||||
Security::setHash($_hashType);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -98,20 +98,18 @@ class Security {
|
|||
$type = strtolower($type);
|
||||
|
||||
if ($type === 'blowfish') {
|
||||
return self::_crypt($string, $type, $salt);
|
||||
return self::_crypt($string, $salt);
|
||||
}
|
||||
if ($salt) {
|
||||
if (is_string($salt)) {
|
||||
$string = $salt . $string;
|
||||
} else {
|
||||
$string = Configure::read('Security.salt') . $string;
|
||||
if (!is_string($salt)) {
|
||||
$salt = Configure::read('Security.salt');
|
||||
}
|
||||
$string = $salt . $string;
|
||||
}
|
||||
|
||||
if (!$type || $type == 'sha1') {
|
||||
if (function_exists('sha1')) {
|
||||
$return = sha1($string);
|
||||
return $return;
|
||||
return sha1($string);
|
||||
}
|
||||
$type = 'sha256';
|
||||
}
|
||||
|
|
@ -145,6 +143,14 @@ class Security {
|
|||
* @return void
|
||||
*/
|
||||
public static function setCost($cost) {
|
||||
if ($cost < 4 || $cost > 31) {
|
||||
trigger_error(__d(
|
||||
'cake_dev',
|
||||
'Invalid value, cost must be between %s and %s',
|
||||
array(4, 31)
|
||||
), E_USER_WARNING);
|
||||
return null;
|
||||
}
|
||||
self::$hashCost = $cost;
|
||||
}
|
||||
|
||||
|
|
@ -201,13 +207,11 @@ class Security {
|
|||
$mode = 'cbc';
|
||||
$cryptKey = substr($key, 0, 32);
|
||||
$iv = substr($key, strlen($key) - 32, 32);
|
||||
$out = '';
|
||||
|
||||
if ($operation === 'encrypt') {
|
||||
$out .= mcrypt_encrypt($algorithm, $cryptKey, $text, $mode, $iv);
|
||||
} elseif ($operation === 'decrypt') {
|
||||
$out .= rtrim(mcrypt_decrypt($algorithm, $cryptKey, $text, $mode, $iv), "\0");
|
||||
return mcrypt_encrypt($algorithm, $cryptKey, $text, $mode, $iv);
|
||||
}
|
||||
return $out;
|
||||
return rtrim(mcrypt_decrypt($algorithm, $cryptKey, $text, $mode, $iv), "\0");
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -228,55 +232,22 @@ class Security {
|
|||
}
|
||||
|
||||
/**
|
||||
* One way encryption using php's crypt() function.
|
||||
* One way encryption using php's crypt() function, used with type blowfish in ``Security::hash()``
|
||||
*
|
||||
* @param string $password The string to be encrypted.
|
||||
* @param string $type The encryption method to use (blowfish)
|
||||
* @param mixed $salt false to generate a new salt or an existing salt.
|
||||
*/
|
||||
protected static function _crypt($password, $type = null, $salt = false) {
|
||||
$options = array(
|
||||
'saltFormat' => array(
|
||||
'blowfish' => '$2a$%02d$%s',
|
||||
),
|
||||
'saltLength' => array(
|
||||
'blowfish' => 22,
|
||||
),
|
||||
'costLimits' => array(
|
||||
'blowfish' => array(4, 31),
|
||||
)
|
||||
);
|
||||
extract($options);
|
||||
if ($type === null) {
|
||||
$hashType = self::$hashType;
|
||||
} else {
|
||||
$hashType = $type;
|
||||
}
|
||||
$cost = self::$hashCost;
|
||||
protected static function _crypt($password, $salt = false) {
|
||||
if ($salt === false) {
|
||||
if (isset($costLimits[$hashType]) && ($cost < $costLimits[$hashType][0] || $cost > $costLimits[$hashType][1])) {
|
||||
trigger_error(__d(
|
||||
'cake_dev',
|
||||
'When using %s you must specify a cost between %s and %s',
|
||||
array(
|
||||
$hashType,
|
||||
$costLimits[$hashType][0],
|
||||
$costLimits[$hashType][1]
|
||||
)
|
||||
), E_USER_WARNING);
|
||||
return '';
|
||||
}
|
||||
$salt = self::salt($saltLength[$hashType]);
|
||||
$vspArgs = array(
|
||||
$cost,
|
||||
$salt,
|
||||
);
|
||||
$salt = vsprintf($saltFormat[$hashType], $vspArgs);
|
||||
} elseif ($salt === true || strpos($salt, '$2a$') !== 0 || strlen($salt) < 29) {
|
||||
$salt = self::salt(22);
|
||||
$salt = vsprintf('$2a$%02d$%s', array(self::$hashCost, $salt));
|
||||
}
|
||||
|
||||
if ($salt === true || strpos($salt, '$2a$') !== 0 || strlen($salt) < 29) {
|
||||
trigger_error(__d(
|
||||
'cake_dev',
|
||||
'Invalid salt: %s for %s Please visit http://www.php.net/crypt and read the appropriate section for building %s salts.',
|
||||
array($salt, $hashType, $hashType)
|
||||
array($salt, 'blowfish', 'blowfish')
|
||||
), E_USER_WARNING);
|
||||
return '';
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue