refactoring. adding back pagination.
This commit is contained in:
Taylor Otwell
@@ -1,30 +1,30 @@
|
||||
<?php namespace Laravel\Security\Hashing;
|
||||
|
||||
#
|
||||
# Portable PHP password hashing framework.
|
||||
#
|
||||
# Version 0.3 / genuine.
|
||||
#
|
||||
# Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in
|
||||
# the public domain. Revised in subsequent years, still public domain.
|
||||
#
|
||||
# There's absolutely no warranty.
|
||||
#
|
||||
# The homepage URL for this framework is:
|
||||
#
|
||||
# http://www.openwall.com/phpass/
|
||||
#
|
||||
# Please be sure to update the Version line if you edit this file in any way.
|
||||
# It is suggested that you leave the main version number intact, but indicate
|
||||
# your project name (after the slash) and add your own revision information.
|
||||
#
|
||||
# Please do not change the "private" password hashing method implemented in
|
||||
# here, thereby making your hashes incompatible. However, if you must, please
|
||||
# change the hash type identifier (the "$P$") to something different.
|
||||
#
|
||||
# Obviously, since this code is in the public domain, the above are not
|
||||
# requirements (there can be none), but merely suggestions.
|
||||
#
|
||||
//
|
||||
// Portable PHP password hashing framework.
|
||||
//
|
||||
// Version 0.3 / genuine.
|
||||
//
|
||||
// Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in
|
||||
// the public domain. Revised in subsequent years, still public domain.
|
||||
//
|
||||
// There's absolutely no warranty.
|
||||
//
|
||||
// The homepage URL for this framework is:
|
||||
//
|
||||
// http://www.openwall.com/phpass/
|
||||
//
|
||||
// Please be sure to update the Version line if you edit this file in any way.
|
||||
// It is suggested that you leave the main version number intact, but indicate
|
||||
// your project name (after the slash) and add your own revision information.
|
||||
//
|
||||
// Please do not change the "private" password hashing method implemented in
|
||||
// here, thereby making your hashes incompatible. However, if you must, please
|
||||
// change the hash type identifier (the "$P$") to something different.
|
||||
//
|
||||
// Obviously, since this code is in the public domain, the above are not
|
||||
// requirements (there can be none), but merely suggestions.
|
||||
//
|
||||
class Bcrypt implements Engine {
|
||||
var $itoa64;
|
||||
var $iteration_count_log2;
|
||||
@@ -123,12 +123,12 @@ class Bcrypt implements Engine {
|
||||
if (strlen($salt) != 8)
|
||||
return $output;
|
||||
|
||||
# We're kind of forced to use MD5 here since it's the only
|
||||
# cryptographic primitive available in all versions of PHP
|
||||
# currently in use. To implement our own low-level crypto
|
||||
# in PHP would result in much worse performance and
|
||||
# consequently in lower iteration counts and hashes that are
|
||||
# quicker to crack (by non-PHP code).
|
||||
// We're kind of forced to use MD5 here since it's the only
|
||||
// cryptographic primitive available in all versions of PHP
|
||||
// currently in use. To implement our own low-level crypto
|
||||
// in PHP would result in much worse performance and
|
||||
// consequently in lower iteration counts and hashes that are
|
||||
// quicker to crack (by non-PHP code).
|
||||
if (PHP_VERSION >= '5') {
|
||||
$hash = md5($salt . $password, TRUE);
|
||||
do {
|
||||
@@ -150,8 +150,8 @@ class Bcrypt implements Engine {
|
||||
protected function gensalt_extended($input)
|
||||
{
|
||||
$count_log2 = min($this->iteration_count_log2 + 8, 24);
|
||||
# This should be odd to not reveal weak DES keys, and the
|
||||
# maximum valid value is (2**24 - 1) which is odd anyway.
|
||||
// This should be odd to not reveal weak DES keys, and the
|
||||
// maximum valid value is (2**24 - 1) which is odd anyway.
|
||||
$count = (1 << $count_log2) - 1;
|
||||
|
||||
$output = '_';
|
||||
@@ -167,14 +167,14 @@ class Bcrypt implements Engine {
|
||||
|
||||
protected function gensalt_blowfish($input)
|
||||
{
|
||||
# This one needs to use a different order of characters and a
|
||||
# different encoding scheme from the one in encode64() above.
|
||||
# We care because the last character in our encoded string will
|
||||
# only represent 2 bits. While two known implementations of
|
||||
# bcrypt will happily accept and correct a salt string which
|
||||
# has the 4 unused bits set to non-zero, we do not want to take
|
||||
# chances and we also do not want to waste an additional byte
|
||||
# of entropy.
|
||||
// This one needs to use a different order of characters and a
|
||||
// different encoding scheme from the one in encode64() above.
|
||||
// We care because the last character in our encoded string will
|
||||
// only represent 2 bits. While two known implementations of
|
||||
// bcrypt will happily accept and correct a salt string which
|
||||
// has the 4 unused bits set to non-zero, we do not want to take
|
||||
// chances and we also do not want to waste an additional byte
|
||||
// of entropy.
|
||||
$itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
|
||||
|
||||
$output = '$2a$';
|
||||
@@ -235,9 +235,9 @@ class Bcrypt implements Engine {
|
||||
if (strlen($hash) == 34)
|
||||
return $hash;
|
||||
|
||||
# Returning '*' on error is safe here, but would _not_ be safe
|
||||
# in a crypt(3)-like function used _both_ for generating new
|
||||
# hashes and for validating passwords against existing hashes.
|
||||
// Returning '*' on error is safe here, but would _not_ be safe
|
||||
// in a crypt(3)-like function used _both_ for generating new
|
||||
// hashes and for validating passwords against existing hashes.
|
||||
return '*';
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user