<?php
// Direct-access guard: CodeIgniter's front controller defines BASEPATH, so a
// request that reaches this file without it did not come through the framework.
if (!defined('BASEPATH')) {
    exit('No direct script access allowed');
}
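/**
 * Bcrypt Class
 * Simple and easy to use bcrypt helper for Codeigniter
 *
 * Thin wrapper around crypt(): hash() builds a "$2a$<cost>$<22-char salt>"
 * setting string from 16 random bytes, compare() re-hashes the candidate with
 * the stored hash as the setting and compares the two results.
 *
 * Caveats for callers:
 * - bcrypt only uses the first 72 bytes of the input.
 * - On PHP 5.5+ the built-in password_hash()/password_verify() cover the same
 *   ground and are the maintained option; this class is for older runtimes
 *   and for verifying hashes it already produced.
 *
 * @author Waldir Bertazzi Junior
 * @link http://waldir.org/
 */
class Bcrypt {

    // bcrypt cost parameter, formatted as two digits into the salt prefix.
    private $times;

    // Rolling state of the last-resort md5/microtime generator (null until used).
    private $random_state;

    // CodeIgniter super-object. Never read inside this class; declared because
    // the constructor has always assigned it (avoids a dynamic property).
    public $CI;

    /**
     * @param int $times bcrypt cost. crypt() accepts 04-31; any other value
     *                   makes hash() return false instead of a hash.
     */
    function __construct($times = 12){
        // Guarded so the class can also be instantiated outside CodeIgniter.
        if (function_exists('get_instance')) {
            $this->CI =& get_instance();
        }
        $this->times = $times;
    }

    /**
     * Hashes an input using bcrypt with a freshly generated random salt.
     *
     * @param String input string to be hashed
     * @return String|false the hash, or false when crypt() did not produce one
     * @author Waldir Bertazzi Junior
     **/
    public function hash($input){
        $hash = crypt($input, $this->generate_salt());

        // crypt() reports failure with a short token ("*0"/"*1") and may fall
        // back to 13-character DES output on old builds; anything that short
        // is not a bcrypt hash and must not be stored.
        if (is_string($hash) && strlen($hash) > 13) {
            return $hash;
        }

        return false;
    }

    /**
     * Checks an input against a previously stored hash.
     *
     * The stored hash carries its own algorithm prefix, cost and salt, so it
     * is passed to crypt() as the setting string and the outputs are compared.
     *
     * @param String input string without hash
     * @param String previous hashed string
     * @return Boolean true only when the input reproduces the stored hash
     * @author Waldir Bertazzi Junior
     **/
    public function compare($input, $hashed_string) {
        // A missing or non-string stored hash (e.g. a NULL column for an
        // unknown user) can never match; bail out before calling crypt().
        if (!is_string($hashed_string) || $hashed_string === '') {
            return false;
        }

        $hash = crypt($input, $hashed_string);
        if (!is_string($hash)) {
            return false;
        }

        return $this->constant_time_equals($hashed_string, $hash);
    }

    /**
     * Compares two strings without returning early on the first differing
     * byte, so the time taken does not depend on how much of the hash matched.
     *
     * @param String reference value (the stored hash)
     * @param String value computed from user input
     * @return Boolean
     **/
    private function constant_time_equals($known, $candidate){
        if (function_exists('hash_equals')) {
            return hash_equals($known, $candidate);
        }

        // Fallback for PHP < 5.6: OR together the XOR of every byte pair.
        $length = strlen($known);
        if ($length !== strlen($candidate)) {
            return false;
        }
        $diff = 0;
        for ($i = 0; $i < $length; $i++) {
            $diff |= ord($known[$i]) ^ ord($candidate[$i]);
        }
        return $diff === 0;
    }

    /**
     * Builds the crypt() setting string: prefix, two-digit cost, 22-char salt.
     *
     * @return String
     **/
    private function generate_salt(){
        // NOTE(review): PHP documents "$2y$" as the prefix for new bcrypt
        // hashes since 5.3.7; "$2a$" is kept so the output format of existing
        // installs does not change. compare() accepts either prefix because
        // it reads the prefix from the stored hash.
        $salt = sprintf('$2a$%02d$', $this->times);

        // 16 random bytes encode to the 22 salt characters bcrypt expects.
        $bytes = $this->get_random_bytes(16);
        $salt .= $this->encode_bytes($bytes);

        return $salt;
    }

    /**
     * Returns random bytes, trying the strongest available source first:
     * random_bytes(), then OpenSSL, then /dev/urandom, then an md5/microtime
     * generator as a last resort.
     *
     * @return String random bytes, exactly $count long
     * @param number of bytes to generate
     * @author Waldir Bertazzi Junior
     **/
    private function get_random_bytes($count){
        $bytes = '';

        // PHP 7+: operating-system CSPRNG.
        if (function_exists('random_bytes')) {
            try {
                $bytes = random_bytes($count);
            } catch (Exception $e) {
                $bytes = '';
            }
        }

        // OpenSSL is skipped on Windows, as in the original implementation.
        $on_windows = in_array(PHP_OS, array('Windows', 'WIN32', 'WINNT'), true);
        if (strlen($bytes) < $count && function_exists('openssl_random_pseudo_bytes') && !$on_windows) {
            $strong = false;
            try {
                $candidate = openssl_random_pseudo_bytes($count, $strong);
            } catch (Exception $e) {
                $candidate = false;
            }
            // A false return or a "not cryptographically strong" result is
            // discarded so the next source still gets its turn.
            $bytes = (is_string($candidate) && $strong) ? $candidate : '';
        }

        if (strlen($bytes) < $count && is_readable('/dev/urandom') && ($h_rand = @fopen('/dev/urandom', 'rb')) !== false) {
            $candidate = fread($h_rand, $count);
            fclose($h_rand);
            $bytes = is_string($candidate) ? $candidate : '';
        }

        if (strlen($bytes) < $count) {
            // Last resort, reached only when no CSPRNG is available. The
            // output is derived from the clock and the process id, so it is
            // NOT unpredictable; it only keeps salts from repeating.
            $bytes = '';
            if ($this->random_state === null) {
                $this->random_state = microtime();
                if (function_exists('getmypid')) {
                    $this->random_state .= getmypid();
                }
            }
            for ($i = 0; $i < $count; $i += 16) {
                $this->random_state = md5(microtime() . $this->random_state);
                $bytes .= md5($this->random_state, true);
            }
            $bytes = substr($bytes, 0, $count);
        }

        return $bytes;
    }

    /**
     * Encodes 16 raw bytes into the 22-character salt using bcrypt's own
     * base64 alphabet ("./A-Za-z0-9"), which differs from standard base64.
     *
     * Function taken from PHP Password Hashing Framework
     *
     * @param String exactly 16 raw bytes
     * @return String 22 encoded characters
     * @author PHP Password Hashing Framework
     * @link http://www.openwall.com/phpass/
     **/
    private function encode_bytes($input){
        $itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
        $output = '';
        $i = 0;
        do {
            // Each pass consumes up to three bytes and emits four characters.
            $c1 = ord($input[$i++]);
            $output .= $itoa64[$c1 >> 2];
            $c1 = ($c1 & 0x03) << 4;
            if ($i >= 16) {
                // 16th byte: emit its remaining two bits and stop.
                $output .= $itoa64[$c1];
                break;
            }
            $c2 = ord($input[$i++]);
            $c1 |= $c2 >> 4;
            $output .= $itoa64[$c1];
            $c1 = ($c2 & 0x0f) << 2;
            $c2 = ord($input[$i++]);
            $c1 |= $c2 >> 6;
            $output .= $itoa64[$c1];
            $output .= $itoa64[$c2 & 0x3f];
        } while (1);
        return $output;
    }
}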
?>