david
802479ed64
git-svn-id: https://192.168.0.254/svn/Proyectos.FundacionLQDVI_WebCongresos/trunk@2 94ccb1af-fd9d-d947-8d90-7f70ea60afc8
342 lines
8.9 KiB
PHP
342 lines
8.9 KiB
PHP
<?php
|
|
/**
|
|
* @version $Id:helper.php 6961 2007-03-15 16:06:53Z tcp $
|
|
* @package Joomla.Framework
|
|
* @subpackage User
|
|
* @copyright Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.
|
|
* @license GNU/GPL, see LICENSE.php
|
|
* Joomla! is free software. This version may have been modified pursuant
|
|
* to the GNU General Public License, and as distributed it includes or
|
|
* is derivative of works licensed under the GNU General Public License or
|
|
* other free or open source software licenses.
|
|
* See COPYRIGHT.php for copyright notices and details.
|
|
*/
|
|
defined('JPATH_BASE') or die();
|
|
/**
|
|
* Authorization helper class, provides static methods to perform various tasks relevant
|
|
* to the Joomla user and authorization classes
|
|
*
|
|
* This class has influences and some method logic from the Horde Auth package
|
|
*
|
|
* @static
|
|
* @package Joomla.Framework
|
|
* @subpackage User
|
|
* @since 1.5
|
|
*/
|
|
class JUserHelper
|
|
{
|
|
/**
|
|
* Method to activate a user
|
|
*
|
|
* @param string $activation Activation string
|
|
* @return boolean True on success
|
|
* @since 1.5
|
|
*/
|
|
function activateUser($activation)
|
|
{
|
|
//Initialize some variables
|
|
$db = & JFactory::getDBO();
|
|
|
|
// Lets get the id of the user we want to activate
|
|
$query = 'SELECT id'
|
|
. ' FROM #__users'
|
|
. ' WHERE activation = '.$db->Quote($activation)
|
|
. ' AND block = 1'
|
|
. ' AND lastvisitDate = '.$db->Quote('0000-00-00 00:00:00');
|
|
;
|
|
$db->setQuery( $query );
|
|
$id = intval( $db->loadResult() );
|
|
|
|
// Is it a valid user to activate?
|
|
if ($id)
|
|
{
|
|
$user =& JUser::getInstance( (int) $id );
|
|
|
|
$user->set('block', '0');
|
|
$user->set('activation', '');
|
|
|
|
// Time to take care of business.... store the user.
|
|
if (!$user->save())
|
|
{
|
|
JError::raiseWarning( "SOME_ERROR_CODE", $user->getError() );
|
|
return false;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
JError::raiseWarning( "SOME_ERROR_CODE", JText::_('UNABLE TO FIND A USER WITH GIVEN ACTIVATION STRING') );
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Returns userid if a user exists
|
|
*
|
|
* @param string The username to search on
|
|
* @return int The user id or 0 if not found
|
|
*/
|
|
function getUserId($username)
|
|
{
|
|
// Initialize some variables
|
|
$db = & JFactory::getDBO();
|
|
|
|
$query = 'SELECT id FROM #__users WHERE username = ' . $db->Quote( $username );
|
|
$db->setQuery($query, 0, 1);
|
|
return $db->loadResult();
|
|
}
|
|
|
|
/**
|
|
* Formats a password using the current encryption.
|
|
*
|
|
* @access public
|
|
* @param string $plaintext The plaintext password to encrypt.
|
|
* @param string $salt The salt to use to encrypt the password. []
|
|
* If not present, a new salt will be
|
|
* generated.
|
|
* @param string $encryption The kind of pasword encryption to use.
|
|
* Defaults to md5-hex.
|
|
* @param boolean $show_encrypt Some password systems prepend the kind of
|
|
* encryption to the crypted password ({SHA},
|
|
* etc). Defaults to false.
|
|
*
|
|
* @return string The encrypted password.
|
|
*/
|
|
function getCryptedPassword($plaintext, $salt = '', $encryption = 'md5-hex', $show_encrypt = false)
|
|
{
|
|
// Get the salt to use.
|
|
$salt = JUserHelper::getSalt($encryption, $salt, $plaintext);
|
|
|
|
// Encrypt the password.
|
|
switch ($encryption)
|
|
{
|
|
case 'plain' :
|
|
return $plaintext;
|
|
|
|
case 'sha' :
|
|
$encrypted = base64_encode(mhash(MHASH_SHA1, $plaintext));
|
|
return ($show_encrypt) ? '{SHA}'.$encrypted : $encrypted;
|
|
|
|
case 'crypt' :
|
|
case 'crypt-des' :
|
|
case 'crypt-md5' :
|
|
case 'crypt-blowfish' :
|
|
return ($show_encrypt ? '{crypt}' : '').crypt($plaintext, $salt);
|
|
|
|
case 'md5-base64' :
|
|
$encrypted = base64_encode(mhash(MHASH_MD5, $plaintext));
|
|
return ($show_encrypt) ? '{MD5}'.$encrypted : $encrypted;
|
|
|
|
case 'ssha' :
|
|
$encrypted = base64_encode(mhash(MHASH_SHA1, $plaintext.$salt).$salt);
|
|
return ($show_encrypt) ? '{SSHA}'.$encrypted : $encrypted;
|
|
|
|
case 'smd5' :
|
|
$encrypted = base64_encode(mhash(MHASH_MD5, $plaintext.$salt).$salt);
|
|
return ($show_encrypt) ? '{SMD5}'.$encrypted : $encrypted;
|
|
|
|
case 'aprmd5' :
|
|
$length = strlen($plaintext);
|
|
$context = $plaintext.'$apr1$'.$salt;
|
|
$binary = JUserHelper::_bin(md5($plaintext.$salt.$plaintext));
|
|
|
|
for ($i = $length; $i > 0; $i -= 16) {
|
|
$context .= substr($binary, 0, ($i > 16 ? 16 : $i));
|
|
}
|
|
for ($i = $length; $i > 0; $i >>= 1) {
|
|
$context .= ($i & 1) ? chr(0) : $plaintext[0];
|
|
}
|
|
|
|
$binary = JUserHelper::_bin(md5($context));
|
|
|
|
for ($i = 0; $i < 1000; $i ++) {
|
|
$new = ($i & 1) ? $plaintext : substr($binary, 0, 16);
|
|
if ($i % 3) {
|
|
$new .= $salt;
|
|
}
|
|
if ($i % 7) {
|
|
$new .= $plaintext;
|
|
}
|
|
$new .= ($i & 1) ? substr($binary, 0, 16) : $plaintext;
|
|
$binary = JUserHelper::_bin(md5($new));
|
|
}
|
|
|
|
$p = array ();
|
|
for ($i = 0; $i < 5; $i ++) {
|
|
$k = $i +6;
|
|
$j = $i +12;
|
|
if ($j == 16) {
|
|
$j = 5;
|
|
}
|
|
$p[] = JUserHelper::_toAPRMD5((ord($binary[$i]) << 16) | (ord($binary[$k]) << 8) | (ord($binary[$j])), 5);
|
|
}
|
|
|
|
return '$apr1$'.$salt.'$'.implode('', $p).JUserHelper::_toAPRMD5(ord($binary[11]), 3);
|
|
|
|
case 'md5-hex' :
|
|
default :
|
|
$encrypted = ($salt) ? md5($plaintext.$salt) : md5($plaintext);
|
|
return ($show_encrypt) ? '{MD5}'.$encrypted : $encrypted;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Returns a salt for the appropriate kind of password encryption.
|
|
* Optionally takes a seed and a plaintext password, to extract the seed
|
|
* of an existing password, or for encryption types that use the plaintext
|
|
* in the generation of the salt.
|
|
*
|
|
* @access public
|
|
* @param string $encryption The kind of pasword encryption to use.
|
|
* Defaults to md5-hex.
|
|
* @param string $seed The seed to get the salt from (probably a
|
|
* previously generated password). Defaults to
|
|
* generating a new seed.
|
|
* @param string $plaintext The plaintext password that we're generating
|
|
* a salt for. Defaults to none.
|
|
*
|
|
* @return string The generated or extracted salt.
|
|
*/
|
|
function getSalt($encryption = 'md5-hex', $seed = '', $plaintext = '')
|
|
{
|
|
// Encrypt the password.
|
|
switch ($encryption)
|
|
{
|
|
case 'crypt' :
|
|
case 'crypt-des' :
|
|
if ($seed) {
|
|
return substr(preg_replace('|^{crypt}|i', '', $seed), 0, 2);
|
|
} else {
|
|
return substr(md5(mt_rand()), 0, 2);
|
|
}
|
|
break;
|
|
|
|
case 'crypt-md5' :
|
|
if ($seed) {
|
|
return substr(preg_replace('|^{crypt}|i', '', $seed), 0, 12);
|
|
} else {
|
|
return '$1$'.substr(md5(mt_rand()), 0, 8).'$';
|
|
}
|
|
break;
|
|
|
|
case 'crypt-blowfish' :
|
|
if ($seed) {
|
|
return substr(preg_replace('|^{crypt}|i', '', $seed), 0, 16);
|
|
} else {
|
|
return '$2$'.substr(md5(mt_rand()), 0, 12).'$';
|
|
}
|
|
break;
|
|
|
|
case 'ssha' :
|
|
if ($seed) {
|
|
return substr(preg_replace('|^{SSHA}|', '', $seed), -20);
|
|
} else {
|
|
return mhash_keygen_s2k(MHASH_SHA1, $plaintext, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
|
|
}
|
|
break;
|
|
|
|
case 'smd5' :
|
|
if ($seed) {
|
|
return substr(preg_replace('|^{SMD5}|', '', $seed), -16);
|
|
} else {
|
|
return mhash_keygen_s2k(MHASH_MD5, $plaintext, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
|
|
}
|
|
break;
|
|
|
|
case 'aprmd5' :
|
|
/* 64 characters that are valid for APRMD5 passwords. */
|
|
$APRMD5 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
|
|
|
|
if ($seed) {
|
|
return substr(preg_replace('/^\$apr1\$(.{8}).*/', '\\1', $seed), 0, 8);
|
|
} else {
|
|
$salt = '';
|
|
for ($i = 0; $i < 8; $i ++) {
|
|
$salt .= $APRMD5 {
|
|
rand(0, 63)
|
|
};
|
|
}
|
|
return $salt;
|
|
}
|
|
break;
|
|
|
|
default :
|
|
$salt = '';
|
|
if ($seed) {
|
|
$salt = $seed;
|
|
}
|
|
return $salt;
|
|
break;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Generate a random password
|
|
*
|
|
* @static
|
|
* @param int $length Length of the password to generate
|
|
* @return string Random Password
|
|
* @since 1.5
|
|
*/
|
|
function genRandomPassword($length = 8)
|
|
{
|
|
$salt = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
|
|
$len = strlen($salt);
|
|
$makepass = '';
|
|
|
|
$stat = @stat(__FILE__);
|
|
if(empty($stat) || !is_array($stat)) $stat = array(php_uname());
|
|
|
|
mt_srand(crc32(microtime() . implode('|', $stat)));
|
|
|
|
for ($i = 0; $i < $length; $i ++) {
|
|
$makepass .= $salt[mt_rand(0, $len -1)];
|
|
}
|
|
|
|
return $makepass;
|
|
}
|
|
|
|
/**
|
|
* Converts to allowed 64 characters for APRMD5 passwords.
|
|
*
|
|
* @access private
|
|
* @param string $value
|
|
* @param integer $count
|
|
* @return string $value converted to the 64 MD5 characters.
|
|
* @since 1.5
|
|
*/
|
|
function _toAPRMD5($value, $count)
|
|
{
|
|
/* 64 characters that are valid for APRMD5 passwords. */
|
|
$APRMD5 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
|
|
|
|
$aprmd5 = '';
|
|
$count = abs($count);
|
|
while (-- $count) {
|
|
$aprmd5 .= $APRMD5[$value & 0x3f];
|
|
$value >>= 6;
|
|
}
|
|
return $aprmd5;
|
|
}
|
|
|
|
/**
|
|
* Converts hexadecimal string to binary data.
|
|
*
|
|
* @access private
|
|
* @param string $hex Hex data.
|
|
* @return string Binary data.
|
|
* @since 1.5
|
|
*/
|
|
function _bin($hex)
|
|
{
|
|
$bin = '';
|
|
$length = strlen($hex);
|
|
for ($i = 0; $i < $length; $i += 2) {
|
|
$tmp = sscanf(substr($hex, $i, 2), '%x');
|
|
$bin .= chr(array_shift($tmp));
|
|
}
|
|
return $bin;
|
|
}
|
|
}
|