* @license LGPL2 */ class PassHash { /** * Verifies a cleartext password against a crypted hash * * The method and salt used for the crypted hash is determined automatically, * then the clear text password is crypted using the same method. If both hashs * match true is is returned else false * * @author Andreas Gohr * * @param string $clear Clear-Text password * @param string $hash Hash to compare against * @return bool */ function verify_hash($clear, $hash) { $method = ''; $salt = ''; $magic = ''; //determine the used method and salt $len = strlen($hash); if(preg_match('/^\$1\$([^\$]{0,8})\$/', $hash, $m)) { $method = 'smd5'; $salt = $m[1]; $magic = '1'; } elseif(preg_match('/^\$apr1\$([^\$]{0,8})\$/', $hash, $m)) { $method = 'apr1'; $salt = $m[1]; $magic = 'apr1'; } elseif(preg_match('/^\$P\$(.{31})$/', $hash, $m)) { $method = 'pmd5'; $salt = $m[1]; $magic = 'P'; } elseif(preg_match('/^\$H\$(.{31})$/', $hash, $m)) { $method = 'pmd5'; $salt = $m[1]; $magic = 'H'; } elseif(preg_match('/^pbkdf2_(\w+?)\$(\d+)\$(.{12})\$/', $hash, $m)) { $method = 'djangopbkdf2'; $magic = array( 'algo' => $m[1], 'iter' => $m[2], ); $salt = $m[3]; } elseif(preg_match('/^sha1\$(.{5})\$/', $hash, $m)) { $method = 'djangosha1'; $salt = $m[1]; } elseif(preg_match('/^md5\$(.{5})\$/', $hash, $m)) { $method = 'djangomd5'; $salt = $m[1]; } elseif(preg_match('/^\$2(a|y)\$(.{2})\$/', $hash, $m)) { $method = 'bcrypt'; $salt = $hash; } elseif(substr($hash, 0, 6) == '{SSHA}') { $method = 'ssha'; $salt = substr(base64_decode(substr($hash, 6)), 20); } elseif(substr($hash, 0, 6) == '{SMD5}') { $method = 'lsmd5'; $salt = substr(base64_decode(substr($hash, 6)), 16); } elseif(preg_match('/^:B:(.+?):.{32}$/', $hash, $m)) { $method = 'mediawiki'; $salt = $m[1]; } elseif(preg_match('/^\$6\$(.+?)\$/', $hash, $m)) { $method = 'sha512'; $salt = $m[1]; } elseif($len == 32) { $method = 'md5'; } elseif($len == 40) { $method = 'sha1'; } elseif($len == 16) { $method = 'mysql'; } elseif($len == 41 && $hash[0] == '*') { $method = 'my411'; } elseif($len == 34) { $method = 'kmd5'; $salt = $hash; } else { $method = 'crypt'; $salt = substr($hash, 0, 2); } //crypt and compare $call = 'hash_'.$method; $newhash = $this->$call($clear, $salt, $magic); if(\hash_equals($newhash, $hash)) { return true; } return false; } /** * Create a random salt * * @param int $len The length of the salt * @return string */ public function gen_salt($len = 32) { $salt = ''; $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; for($i = 0; $i < $len; $i++) { $salt .= $chars[$this->random(0, 61)]; } return $salt; } /** * Initialize the passed variable with a salt if needed. * * If $salt is not null, the value is kept, but the lenght restriction is * applied (unless, $cut is false). * * @param string|null &$salt The salt, pass null if you want one generated * @param int $len The length of the salt * @param bool $cut Apply length restriction to existing salt? */ public function init_salt(&$salt, $len = 32, $cut = true) { if(is_null($salt)) { $salt = $this->gen_salt($len); $cut = true; // for new hashes we alway apply length restriction } if(strlen($salt) > $len && $cut) $salt = substr($salt, 0, $len); } // Password hashing methods follow below /** * Password hashing method 'smd5' * * Uses salted MD5 hashs. Salt is 8 bytes long. * * The same mechanism is used by Apache's 'apr1' method. This will * fallback to a implementation in pure PHP if MD5 support is not * available in crypt() * * @author Andreas Gohr * @author * @link http://php.net/manual/en/function.crypt.php#73619 * * @param string $clear The clear text to hash * @param string $salt The salt to use, null for random * @return string Hashed password */ public function hash_smd5($clear, $salt = null) { $this->init_salt($salt, 8); if(defined('CRYPT_MD5') && CRYPT_MD5 && $salt !== '') { return crypt($clear, '$1$'.$salt.'$'); } else { // Fall back to PHP-only implementation return $this->hash_apr1($cl
/*
 * autocomplete.h
 *
 * Copyright (C) 2012 - 2015 James Booth <boothj5@gmail.com>
 *
 * This file is part of Profanity.
 *
 * Profanity is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * Profanity is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Profanity.  If not, see <http://www.gnu.org/licenses/>.
 *
 * In addition, as a special exception, the copyright holders give permission to
 * link the code of portions of this program with the OpenSSL library under
 * certain conditions as described in each individual source file, and
 * distribute linked combinations including the two.
 *
 * You must obey the GNU General Public License in all respects for all of the
 * code used other than OpenSSL. If you modify file(s) with this exception, you
 * may extend this exception to your version of the file(s), but you are not
 * obligated to do so. If you do not wish to do so, delete this exception
 * statement from your version. If you delete this exception statement from all
 * source files in the program, then also delete it here.
 *
 */

#ifndef AUTOCOMPLETE_H
#define AUTOCOMPLETE_H

#include <glib.h>

typedef char*(*autocomplete_func)(const char * const);
typedef struct autocomplete_t *Autocomplete;

// allocate new autocompleter with no items
Autocomplete autocomplete_new(void);

// Remove all items from the autocompleter
void autocomplete_clear(Autocomplete ac);

// free all memory used by the autocompleter
void autocomplete_free(Autocomplete ac);

void autocomplete_add(Autocomplete ac, const char *item);
void autocomplete_remove(Autocomplete ac, const char * const item);

// find the next item prefixed with search string
gchar * autocomplete_complete(Autocomplete ac, const gchar *search_str, gboolean quote);

GSList * autocomplete_create_list(Autocomplete ac);
gint autocomplete_length(Autocomplete ac);

char * autocomplete_param_with_func(const char * const input, char *command,
    autocomplete_func func);

char * autocomplete_param_with_ac(const char * const input, char *command,
    Autocomplete ac, gboolean quote);

char * autocomplete_param_no_with_func(const char * const input, char *command,
    int arg_number, autocomplete_func func);

void autocomplete_reset(Autocomplete ac);

gboolean autocomplete_contains(Autocomplete ac, const char *value);
#endif
generated by cgit-pink 1.4.1-2-gfad0 (git 2.36.2.497.gbbea4dcf42) at 2024-08-14 06:13:51 +0000
c function hmac($algo, $data, $key, $raw_output = false) { // use native function if available and not in unit test if(function_exists('hash_hmac') && !defined('SIMPLE_TEST')){ return hash_hmac($algo, $data, $key, $raw_output); } $algo = strtolower($algo); $pack = 'H' . strlen($algo('test')); $size = 64; $opad = str_repeat(chr(0x5C), $size); $ipad = str_repeat(chr(0x36), $size); if(strlen($key) > $size) { $key = str_pad(pack($pack, $algo($key)), $size, chr(0x00)); } else { $key = str_pad($key, $size, chr(0x00)); } for($i = 0; $i < strlen($key) - 1; $i++) { $opad[$i] = $opad[$i] ^ $key[$i]; $ipad[$i] = $ipad[$i] ^ $key[$i]; } $output = $algo($opad . pack($pack, $algo($ipad . $data))); return ($raw_output) ? pack($pack, $output) : $output; } /** * Use DokuWiki's secure random generator if available * * @param int $min * @param int $max * @return int */ protected function random($min, $max){ return random_int($min, $max); } }