detached ciphers

admin/options.php

@@ -3,7 +3,7 @@
  * @Author: printempw
  * @Date:   2016-03-18 22:50:25
  * @Last Modified by:   printempw
- * @Last Modified time: 2016-04-03 14:37:11
+ * @Last Modified time: 2016-04-03 15:09:33
  */
 require "../libraries/session.inc.php";
 if (!$user->is_admin) Utils::redirect('../index.php?msg=看起来你并不是管理员');
@@ -156,6 +156,17 @@ $db = new Database\Database('users');
                                            <input type="text" class="form-control" name="data_table_name" value="<?php echo Option::get('data_table_name'); ?>">
                                         </td>
                                     </tr>
+                                    <tr data-toggle="tooltip" data-placement="bottom" title="默认为 MD5。Authme 默认为 SHA256，CrazyLogin 为 CrazyCrypt1，Discuz 为 SALTED2MD5。没有需要的加密算法？请联系作者。">
+                                        <td class="key">密码加密算法</td>
+                                        <td class="value">
+                                           <select class="form-control" name="encryption">
+                                               <option <?php echo (Option::get('encryption') == 'MD5') ? 'selected="selected"' : ''; ?> value="MD5">MD5</option>
+                                               <option <?php echo (Option::get('encryption') == 'SALTED2MD5') ? 'selected="selected"' : ''; ?> value="SALTED2MD5">SALTED2MD5</option>
+                                               <option <?php echo (Option::get('encryption') == 'SHA256') ? 'selected="selected"' : ''; ?> value="SHA256">SHA256</option>
+                                               <option <?php echo (Option::get('encryption') == 'CrazyCrypt1') ? 'selected="selected"' : ''; ?> value="CrazyCrypt1">CrazyCrypt1</option>
+                                          </select>
+                                        </td>
+                                    </tr>
                                     <tr>
                                         <td class="key">对接数据表用户名字段</td>
                                         <td class="value">

libraries/Database/AdaptedDatabase.class.php

@@ -3,17 +3,17 @@
  * @Author: printempw
  * @Date:   2016-03-18 16:53:55
  * @Last Modified by:   printempw
- * @Last Modified time: 2016-04-02 22:14:12
+ * @Last Modified time: 2016-04-03 15:36:35
  */
 
 namespace Database;
 
 use Database\Database;
-use Database\EncryptInterface;
+use Database\PasswordInterface;
 use Database\SyncInterface;
 use Option;
 
-class AdaptedDatabase extends Database implements EncryptInterface, SyncInterface
+class AdaptedDatabase extends Database implements PasswordInterface, SyncInterface
 {
     protected $data_table;
     protected $column_uname;

libraries/Database/AuthmeDatabase.class.php

@@ -3,7 +3,7 @@
  * @Author: printempw
  * @Date:   2016-03-13 11:59:32
  * @Last Modified by:   printempw
- * @Last Modified time: 2016-04-02 22:03:39
+ * @Last Modified time: 2016-04-03 15:19:38
  */
 
 namespace Database;
@@ -25,8 +25,8 @@ class AuthmeDatabase extends AdaptedDatabase
             // generate random salt
             $salt = \Utils::generateRndString(16);
         }
-        $hash = hash('sha256', hash('sha256', $raw_passwd).$salt);
-        $encrypt = '$SHA$'.$salt.'$'. $hash;
+        $class_name = "Encryption\\".\Option::get('encryption');
+        $encrypt = '$SHA$'.$salt.'$'. $class_name::encrypt($raw_passwd, $salt);
         return $encrypt;
     }
 

libraries/Database/CrazyDatabase.class.php

@@ -3,7 +3,7 @@
  * @Author: printempw
  * @Date:   2016-03-13 12:15:08
  * @Last Modified by:   printempw
- * @Last Modified time: 2016-03-18 17:23:25
+ * @Last Modified time: 2016-04-03 15:31:54
  */
 
 namespace Database;
@@ -18,12 +18,8 @@ class CrazyDatabase extends AdaptedDatabase
      * https://github.com/ST-DDT/CrazyLogin/blob/master/php/Encryptors/CrazyCrypt1.php
      */
     public function encryptPassword($raw_passwd, $username="") {
-        $text = "ÜÄaeut//&/=I " . $raw_passwd . "7421€547" . $username . "__+IÄIH§%NK " . $raw_passwd;
-        $t1 = unpack("H*", $text);
-        $t2 = substr($t1[1], 0, mb_strlen($text, 'UTF-8')*2);
-        $t3 = pack("H*", $t2);
-        $encrypt = hash("sha512", $t3);
-        return $encrypt;
+        $class_name = "Encryption\\".\Option::get('encryption');
+        return $class_name::encrypt($raw_passwd, $username);
     }
 
 }

libraries/Database/Database.class.php

@@ -3,7 +3,7 @@
  * @Author: printempw
  * @Date:   2016-02-02 21:59:06
  * @Last Modified by:   printempw
- * @Last Modified time: 2016-04-02 22:50:41
+ * @Last Modified time: 2016-04-03 15:36:27
  */
 
 namespace Database;
@@ -11,7 +11,7 @@ namespace Database;
 use Utils;
 use E;
 
-class Database implements EncryptInterface, SyncInterface
+class Database implements PasswordInterface, SyncInterface
 {
     private $connection = null;
 
@@ -124,8 +124,8 @@ class Database implements EncryptInterface, SyncInterface
     }
 
     public function encryptPassword($raw_passwd, $username = "") {
-        $encrypt = md5($raw_passwd);
-        return $encrypt;
+        $class_name = "Encryption\\".\Option::get('encryption');
+        return $class_name::encrypt($raw_passwd);
     }
 
     public function sync($username, $reverse = false) {

libraries/Database/DiscuzDatabase.class.php

@@ -3,7 +3,7 @@
  * @Author: printempw
  * @Date:   2016-03-13 14:59:32
  * @Last Modified by:   printempw
- * @Last Modified time: 2016-03-18 17:23:38
+ * @Last Modified time: 2016-04-03 15:24:30
  */
 
 namespace Database;
@@ -13,13 +13,12 @@ use Database\AdaptedDatabase;
 class DiscuzDatabase extends AdaptedDatabase
 {
     /**
-     * Discuz's Fucking dynamic salt
+     * Parse Discuz's Fucking dynamic salt
      */
     public function encryptPassword($raw_passwd, $username="") {
-        $salt = $this->query("SELECT * FROM ".$this->table_name."
-            WHERE ".$this->column_uname."='$username'")->fetch_array()['salt'];
-        $encrypt = md5(md5($raw_passwd).$salt);
-        return $encrypt;
+        $salt = $this->select($this->column_uname, $username, null, $this->data_table)['salt'];
+        $class_name = "Encryption\\".\Option::get('encryption');
+        return $class_name::encrypt($raw_passwd, $salt);
     }
 
 }

libraries/Database/PasswordInterface.class.php

@@ -3,15 +3,15 @@
  * @Author: printempw
  * @Date:   2016-03-13 11:53:47
  * @Last Modified by:   printempw
- * @Last Modified time: 2016-03-18 17:23:08
+ * @Last Modified time: 2016-04-03 15:36:11
  */
 
 namespace Database;
 
-interface EncryptInterface
+interface PasswordInterface
 {
     /**
-     * Encrypt password, please define it to adapt to other encryption method
+     * Return encrypted password
      *
      * @param  string $raw_passwd
      * @param  string $username

libraries/Encryption/CrazyCrypt1.class.php

@@ -0,0 +1,28 @@
+<?php
+/**
+ * @Author: printempw
+ * @Date:   2016-04-03 14:55:38
+ * @Last Modified by:   printempw
+ * @Last Modified time: 2016-04-03 15:19:12
+ */
+
+namespace Encryption;
+
+class CrazyCrypt1 implements EncryptInterface
+{
+    /**
+     * Fucking CrazyCrypt1
+     *
+     * https://github.com/ST-DDT/CrazyLogin/blob/master/php/Encryptors/CrazyCrypt1.php
+     */
+    public function encrypt($raw_passwd, $salt = "") {
+        // salt is username
+        $text = "ÜÄaeut//&/=I " . $raw_passwd . "7421€547" . $salt . "__+IÄIH§%NK " . $raw_passwd;
+        $t1 = unpack("H*", $text);
+        $t2 = substr($t1[1], 0, mb_strlen($text, 'UTF-8')*2);
+        $t3 = pack("H*", $t2);
+        $encrypt = hash("sha512", $t3);
+        return $encrypt;
+    }
+
+}

libraries/Encryption/EncryptInterface.class.php

@@ -0,0 +1,21 @@
+<?php
+/**
+ * @Author: printempw
+ * @Date:   2016-04-03 14:43:46
+ * @Last Modified by:   printempw
+ * @Last Modified time: 2016-04-03 15:37:11
+ */
+
+namespace Encryption;
+
+interface EncryptInterface
+{
+    /**
+     * Encrypt given string, please define it to adapt to other encryption method
+     *
+     * @param  string $raw_passwd
+     * @param  string $salt
+     * @return string, ecrypted password
+     */
+    public function encrypt($raw_passwd, $salt = "");
+}

libraries/Encryption/MD5.class.php

@@ -0,0 +1,20 @@
+<?php
+/**
+ * @Author: printempw
+ * @Date:   2016-04-03 14:53:42
+ * @Last Modified by:   printempw
+ * @Last Modified time: 2016-04-03 15:19:09
+ */
+
+namespace Encryption;
+
+class MD5 implements EncryptInterface
+{
+    /**
+     * Once MD5 encrypt
+     */
+    public function encrypt($raw_passwd, $salt = "") {
+        $encrypt = md5($raw_passwd);
+        return $encrypt;
+    }
+}

libraries/Encryption/SALTED2MD5.class.php

@@ -0,0 +1,17 @@
+<?php
+/**
+ * @Author: printempw
+ * @Date:   2016-04-03 14:58:11
+ * @Last Modified by:   printempw
+ * @Last Modified time: 2016-04-03 15:27:11
+ */
+
+namespace Encryption;
+
+class SALTED2MD5 implements EncryptInterface
+{
+    public function encrypt($raw_passwd, $salt = "") {
+        $encrypt = md5(md5($raw_passwd).$salt);
+        return $encrypt;
+    }
+}

libraries/Encryption/SHA256.class.php

@@ -0,0 +1,23 @@
+<?php
+/**
+ * @Author: printempw
+ * @Date:   2016-04-03 14:50:45
+ * @Last Modified by:   printempw
+ * @Last Modified time: 2016-04-03 15:19:06
+ */
+
+namespace Encryption;
+
+class SHA256 implements EncryptInterface
+{
+    /**
+     * Default SHA256 encryption method for Authme
+     *
+     * @see http://pastebin.com/1wy9g2HT
+     */
+    public function encrypt($raw_passwd, $salt = "") {
+        $encrypt = hash('sha256', hash('sha256', $raw_passwd).$salt);
+        return $encrypt;
+    }
+
+}