4require_once 
'Services/Password/classes/encoders/class.ilBcryptPhpPasswordEncoder.php';
 
   46                        foreach(
$config as $key => $value)
 
   48                                switch(strtolower($key))
 
   50                                        case 'ignore_security_flaw':
 
   73                return PHP_VERSION_ID >= 50307;
 
  133                        require_once 
'Services/Password/exceptions/class.ilPasswordException.php';
 
  139                        require_once 
'Services/Password/exceptions/class.ilPasswordException.php';
 
  143                return $this->
encode($raw, $salt);
 
  153                        require_once 
'Services/Password/exceptions/class.ilPasswordException.php';
 
  193        protected function encode($raw, $user_secret)
 
  196                $hashed_password = hash_hmac(
'whirlpool', str_pad($raw, strlen($raw) * 4, sha1($user_secret), STR_PAD_BOTH), $client_secret, 
true);
 
  197                $salt            = substr(str_shuffle(str_repeat(
'./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ', 22)), 0, 22);
 
  213                                require_once 
'Services/Password/exceptions/class.ilPasswordException.php';
 
  215                                        'The bcrypt implementation used by PHP can contain a security flaw ' .
 
  216                                        'using passwords with 8-bit characters. ' .
 
  217                                        'We suggest to upgrade to PHP 5.3.7+ or use passwords with only 7-bit characters.' 
  222                $salted_password = crypt($hashed_password, $prefix . $this->
getCosts() . 
'$' . $salt);
 
  223                if(strlen($salted_password) <= 13)
 
  225                        require_once 
'Services/Password/exceptions/class.ilPasswordException.php';
 
  229                return $salted_password;
 
  239        protected function check($encoded, $raw, $salt)
 
  241                $hashed_password  = hash_hmac(
'whirlpool', str_pad($raw, strlen($raw) * 4, sha1($salt), STR_PAD_BOTH), $this->
getClientSalt(), 
true);
 
  242                return crypt($hashed_password, substr($encoded, 0, 30)) == $encoded;
 
  278                require_once 
'Services/Password/classes/class.ilPasswordUtils.php';
 
  292                        require_once 
'Services/Password/exceptions/class.ilPasswordException.php';
 
sprintf('%.4f', $callTime)
An exception for terminatinating execution or to throw for unit testing.
isPasswordTooLong($password)
Checks if the password is too long.
setIsSecurityFlawIgnored($is_security_flaw_ignored)
setBackwardCompatibility($backward_compatibility)
Set the backward compatibility $2a$ instead of $2y$ for PHP 5.3.7+.
__construct(array $config=array())
const SALT_STORAGE_FILENAME
encodePassword($raw, $salt)
{{Encodes the raw password.string The encoded password}}
requiresReencoding($encoded)
{{{Returns whether or not the a encoded password needs to be re-encoded.boolean}}}
isPasswordValid($encoded, $raw, $salt)
{{Checks a raw password against an encoded password.The raw password has to be injected into the enco...
isBackwardCompatibilityEnabled()
requiresSalt()
{{Returns whether or not the encoder requires a salt.boolean}}
check($encoded, $raw, $salt)
Verifies a bcrypt encoded string.
encode($raw, $user_secret)
Generates a bcrypt encoded string.
setClientSalt($client_salt)
$is_security_flaw_ignored
Class for user password exception handling in ILIAS.
static getBytes($length)
Generate random bytes using OpenSSL or Mcrypt and mt_rand() as fallback.
static getDataDir()
get data directory (outside webspace)