ILIAS  release_5-0 Revision 5.0.0-1144-gc4397b1f870
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilBasePasswordEncoder.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2014 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 require_once 'Services/Password/interfaces/interface.ilPasswordEncoder.php';
5 
11 abstract class ilBasePasswordEncoder implements ilPasswordEncoder
12 {
16  const MAX_PASSWORD_LENGTH = 4096;
17 
27  protected function comparePasswords($known_string, $user_string)
28  {
29  // Prevent issues if string length is 0
30  $known_string .= chr(0);
31  $user_string .= chr(0);
32 
33  $known_string_length = strlen($known_string);
34  $user_string_length = strlen($user_string);
35 
36  // Set the result to the difference between the lengths
37  $result = $known_string_length - $user_string_length;
38 
39  // Note that we ALWAYS iterate over the user-supplied length
40  // This is to prevent leaking length information
41  for($i = 0; $i < $user_string_length; $i++)
42  {
43  // Using % here is a trick to prevent notices
44  // It's safe, since if the lengths are different
45  // $result is already non-0
46  $result |= (ord($known_string[$i % $known_string_length]) ^ ord($user_string[$i]));
47  }
48 
49  // They are only identical strings if $result is exactly 0...
50  return 0 === $result;
51  }
52 
58  protected function isPasswordTooLong($password)
59  {
60  return strlen($password) > self::MAX_PASSWORD_LENGTH;
61  }
62 }
ilBasePasswordEncoder\comparePasswords
comparePasswords($known_string, $user_string)
Compares two passwords.
Definition: class.ilBasePasswordEncoder.php:27
$result
$result
Definition: CleanUpTest.php:407
ilBasePasswordEncoder\isPasswordTooLong
isPasswordTooLong($password)
Checks if the password is too long.
Definition: class.ilBasePasswordEncoder.php:58