From 1b76f33e0bf6432189148b0f96c81f7810ecea2f Mon Sep 17 00:00:00 2001 From: printempw Date: Sun, 3 Apr 2016 15:39:22 +0800 Subject: [PATCH] detached ciphers --- admin/options.php | 13 ++++++++- libraries/Database/AdaptedDatabase.class.php | 6 ++-- libraries/Database/AuthmeDatabase.class.php | 6 ++-- libraries/Database/CrazyDatabase.class.php | 10 ++----- libraries/Database/Database.class.php | 8 +++--- libraries/Database/DiscuzDatabase.class.php | 11 ++++---- ....class.php => PasswordInterface.class.php} | 6 ++-- libraries/Encryption/CrazyCrypt1.class.php | 28 +++++++++++++++++++ .../Encryption/EncryptInterface.class.php | 21 ++++++++++++++ libraries/Encryption/MD5.class.php | 20 +++++++++++++ libraries/Encryption/SALTED2MD5.class.php | 17 +++++++++++ libraries/Encryption/SHA256.class.php | 23 +++++++++++++++ 12 files changed, 142 insertions(+), 27 deletions(-) rename libraries/Database/{EncryptInterface.class.php => PasswordInterface.class.php} (68%) create mode 100644 libraries/Encryption/CrazyCrypt1.class.php create mode 100644 libraries/Encryption/EncryptInterface.class.php create mode 100644 libraries/Encryption/MD5.class.php create mode 100644 libraries/Encryption/SALTED2MD5.class.php create mode 100644 libraries/Encryption/SHA256.class.php diff --git a/admin/options.php b/admin/options.php index b644629d..b3c692ef 100644 --- a/admin/options.php +++ b/admin/options.php @@ -3,7 +3,7 @@ * @Author: printempw * @Date: 2016-03-18 22:50:25 * @Last Modified by: printempw - * @Last Modified time: 2016-04-03 14:37:11 + * @Last Modified time: 2016-04-03 15:09:33 */ require "../libraries/session.inc.php"; if (!$user->is_admin) Utils::redirect('../index.php?msg=看起来你并不是管理员'); @@ -156,6 +156,17 @@ $db = new Database\Database('users'); + + 密码加密算法 + + + + 对接数据表用户名字段 diff --git a/libraries/Database/AdaptedDatabase.class.php b/libraries/Database/AdaptedDatabase.class.php index 4e650891..7066483f 100644 --- a/libraries/Database/AdaptedDatabase.class.php +++ b/libraries/Database/AdaptedDatabase.class.php @@ -3,17 +3,17 @@ * @Author: printempw * @Date: 2016-03-18 16:53:55 * @Last Modified by: printempw - * @Last Modified time: 2016-04-02 22:14:12 + * @Last Modified time: 2016-04-03 15:36:35 */ namespace Database; use Database\Database; -use Database\EncryptInterface; +use Database\PasswordInterface; use Database\SyncInterface; use Option; -class AdaptedDatabase extends Database implements EncryptInterface, SyncInterface +class AdaptedDatabase extends Database implements PasswordInterface, SyncInterface { protected $data_table; protected $column_uname; diff --git a/libraries/Database/AuthmeDatabase.class.php b/libraries/Database/AuthmeDatabase.class.php index a2911b9b..6a249ff8 100644 --- a/libraries/Database/AuthmeDatabase.class.php +++ b/libraries/Database/AuthmeDatabase.class.php @@ -3,7 +3,7 @@ * @Author: printempw * @Date: 2016-03-13 11:59:32 * @Last Modified by: printempw - * @Last Modified time: 2016-04-02 22:03:39 + * @Last Modified time: 2016-04-03 15:19:38 */ namespace Database; @@ -25,8 +25,8 @@ class AuthmeDatabase extends AdaptedDatabase // generate random salt $salt = \Utils::generateRndString(16); } - $hash = hash('sha256', hash('sha256', $raw_passwd).$salt); - $encrypt = '$SHA$'.$salt.'$'. $hash; + $class_name = "Encryption\\".\Option::get('encryption'); + $encrypt = '$SHA$'.$salt.'$'. $class_name::encrypt($raw_passwd, $salt); return $encrypt; } diff --git a/libraries/Database/CrazyDatabase.class.php b/libraries/Database/CrazyDatabase.class.php index 9846afe4..5ce3021b 100644 --- a/libraries/Database/CrazyDatabase.class.php +++ b/libraries/Database/CrazyDatabase.class.php @@ -3,7 +3,7 @@ * @Author: printempw * @Date: 2016-03-13 12:15:08 * @Last Modified by: printempw - * @Last Modified time: 2016-03-18 17:23:25 + * @Last Modified time: 2016-04-03 15:31:54 */ namespace Database; @@ -18,12 +18,8 @@ class CrazyDatabase extends AdaptedDatabase * https://github.com/ST-DDT/CrazyLogin/blob/master/php/Encryptors/CrazyCrypt1.php */ public function encryptPassword($raw_passwd, $username="") { - $text = "ÜÄaeut//&/=I " . $raw_passwd . "7421€547" . $username . "__+IÄIH§%NK " . $raw_passwd; - $t1 = unpack("H*", $text); - $t2 = substr($t1[1], 0, mb_strlen($text, 'UTF-8')*2); - $t3 = pack("H*", $t2); - $encrypt = hash("sha512", $t3); - return $encrypt; + $class_name = "Encryption\\".\Option::get('encryption'); + return $class_name::encrypt($raw_passwd, $username); } } diff --git a/libraries/Database/Database.class.php b/libraries/Database/Database.class.php index 0b386a7d..f3b61c28 100644 --- a/libraries/Database/Database.class.php +++ b/libraries/Database/Database.class.php @@ -3,7 +3,7 @@ * @Author: printempw * @Date: 2016-02-02 21:59:06 * @Last Modified by: printempw - * @Last Modified time: 2016-04-02 22:50:41 + * @Last Modified time: 2016-04-03 15:36:27 */ namespace Database; @@ -11,7 +11,7 @@ namespace Database; use Utils; use E; -class Database implements EncryptInterface, SyncInterface +class Database implements PasswordInterface, SyncInterface { private $connection = null; @@ -124,8 +124,8 @@ class Database implements EncryptInterface, SyncInterface } public function encryptPassword($raw_passwd, $username = "") { - $encrypt = md5($raw_passwd); - return $encrypt; + $class_name = "Encryption\\".\Option::get('encryption'); + return $class_name::encrypt($raw_passwd); } public function sync($username, $reverse = false) { diff --git a/libraries/Database/DiscuzDatabase.class.php b/libraries/Database/DiscuzDatabase.class.php index 4867bdbb..82494391 100644 --- a/libraries/Database/DiscuzDatabase.class.php +++ b/libraries/Database/DiscuzDatabase.class.php @@ -3,7 +3,7 @@ * @Author: printempw * @Date: 2016-03-13 14:59:32 * @Last Modified by: printempw - * @Last Modified time: 2016-03-18 17:23:38 + * @Last Modified time: 2016-04-03 15:24:30 */ namespace Database; @@ -13,13 +13,12 @@ use Database\AdaptedDatabase; class DiscuzDatabase extends AdaptedDatabase { /** - * Discuz's Fucking dynamic salt + * Parse Discuz's Fucking dynamic salt */ public function encryptPassword($raw_passwd, $username="") { - $salt = $this->query("SELECT * FROM ".$this->table_name." - WHERE ".$this->column_uname."='$username'")->fetch_array()['salt']; - $encrypt = md5(md5($raw_passwd).$salt); - return $encrypt; + $salt = $this->select($this->column_uname, $username, null, $this->data_table)['salt']; + $class_name = "Encryption\\".\Option::get('encryption'); + return $class_name::encrypt($raw_passwd, $salt); } } diff --git a/libraries/Database/EncryptInterface.class.php b/libraries/Database/PasswordInterface.class.php similarity index 68% rename from libraries/Database/EncryptInterface.class.php rename to libraries/Database/PasswordInterface.class.php index cddcf833..51bca745 100644 --- a/libraries/Database/EncryptInterface.class.php +++ b/libraries/Database/PasswordInterface.class.php @@ -3,15 +3,15 @@ * @Author: printempw * @Date: 2016-03-13 11:53:47 * @Last Modified by: printempw - * @Last Modified time: 2016-03-18 17:23:08 + * @Last Modified time: 2016-04-03 15:36:11 */ namespace Database; -interface EncryptInterface +interface PasswordInterface { /** - * Encrypt password, please define it to adapt to other encryption method + * Return encrypted password * * @param string $raw_passwd * @param string $username diff --git a/libraries/Encryption/CrazyCrypt1.class.php b/libraries/Encryption/CrazyCrypt1.class.php new file mode 100644 index 00000000..24f69b0c --- /dev/null +++ b/libraries/Encryption/CrazyCrypt1.class.php @@ -0,0 +1,28 @@ +