ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilBasePasswordEncoder.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2014 ILIAS open source, Extended GPL, see docs/LICENSE */
3
4require_once 'Services/Password/interfaces/interface.ilPasswordEncoder.php';
5
12{
16 const MAX_PASSWORD_LENGTH = 4096;
17
27 protected function comparePasswords($known_string, $user_string)
28 {
29 // Prevent issues if string length is 0
30 $known_string .= chr(0);
31 $user_string .= chr(0);
32
33 $known_string_length = strlen($known_string);
34 $user_string_length = strlen($user_string);
35
36 // Set the result to the difference between the lengths
37 $result = $known_string_length - $user_string_length;
38
39 // Note that we ALWAYS iterate over the user-supplied length
40 // This is to prevent leaking length information
41 for ($i = 0; $i < $user_string_length; $i++) {
42 // Using % here is a trick to prevent notices
43 // It's safe, since if the lengths are different
44 // $result is already non-0
45 $result |= (ord($known_string[$i % $known_string_length]) ^ ord($user_string[$i]));
46 }
47
48 // They are only identical strings if $result is exactly 0...
49 return 0 === $result;
50 }
51
57 protected function isPasswordTooLong($password)
58 {
59 return strlen($password) > self::MAX_PASSWORD_LENGTH;
60 }
61
65 public function isSupportedByRuntime()
66 {
67 return true;
68 }
69
73 public function requiresSalt()
74 {
75 return false;
76 }
77
81 public function requiresReencoding($encoded)
82 {
83 return false;
84 }
85}
$result
An exception for terminatinating execution or to throw for unit testing.
requiresSalt()
{Returns whether or not the encoder requires a salt.boolean}
comparePasswords($known_string, $user_string)
Compares two passwords.
isPasswordTooLong($password)
Checks if the password is too long.
isSupportedByRuntime()
{Returns whether or not the encoder is supported by the runtime (PHP, HHVM, ...)boolean}
requiresReencoding($encoded)
{Returns whether or not the a encoded password needs to be re-encoded.boolean}
$password
Definition: cron.php:14
$i
Definition: disco.tpl.php:19