Changeset 500 for trunk/lib/Utilities.inc.php

Timestamp:

Nov 15, 2014 9:34:39 PM (10 years ago)

Author:

anonymous

Message:

Many auth and crypto changes; various other bugfixes while working on pulso.

File:

• trunk/lib/Utilities.inc.php (modified) (6 diffs)

trunk/lib/Utilities.inc.php

@@ -945 +945 @@
  * environment variable set in httpd.conf is a good place.
  *
+ * TODO: consider using more bits-per-character, such as done with:
+ * http://www.php.net/manual/en/function.sha1.php#86239
+ * http://blog.kevburnsjr.com/php-unique-hash
+ *
  * @access  public
  * @param   string  $val    The string to sign.
@@ -964 +968 @@
     }
 
-    // TODO: consider using more bits-per-character, such as done with:
-    // http://www.php.net/manual/en/function.sha1.php#86239
-    // http://blog.kevburnsjr.com/php-unique-hash
-    return $val . '-' . mb_strtolower(mb_substr(md5($salt . md5($val . $salt)), 0, $length));
+    switch ($app->getParam('signing_method')) {
+    case 'sha512+base64':
+        return $val . '-' . mb_substr(preg_replace('/[^\w]/', '', base64_encode(hash('sha512', $val . $salt, true))), 0, $length);
+
+    case 'md5':
+    default:
+        return $val . '-' . mb_strtolower(mb_substr(md5($salt . md5($val . $salt)), 0, $length));
+    }
 }
 
@@ -986 +994 @@
 
 /**
- * Verifies a signature appened to a value by addSignature().
+ * Verifies a signature appended to a value by addSignature().
  *
  * @access  public
@@ -995 +1003 @@
 function verifySignature($signed_val, $salt=null, $length=18)
 {
-    // All comparisons are done using lower-case strings.
-    $signed_val = mb_strtolower($signed_val);
     // Strip the value from the signed value.
     $val = removeSignature($signed_val);
@@ -1004 +1010 @@
         return true;
     } else {
+        $app =& App::getInstance();
+        $app->logMsg(sprintf('Failed signature (%s should be %s)', $signed_val, addSignature($val, $salt, $length)), LOG_DEBUG, __FILE__, __LINE__);
         return false;
     }
@@ -1255 +1263 @@
     }
 }
-