DEV Community

MarianaZapata1
MarianaZapata1

Posted on

How can I modify or remove the PasswordHash class in XenForo to change the encryption algorithm?

#hash #php #password #xenforo

Estoy utilizando XenForo [2.2.13]. Actualmente, la clase PasswordHash maneja la generación y verificación de contraseñas mediante un algoritmo personalizado y lo que quiero hacer es modificar esa clase para cambiar o eliminar el algoritmo de cifrado, pero la verdad es que no sé cómo hacer esto. Les agradecería mucho si me ayudaran con esto.****

`function gensalt_blowfish($input)
{
# This one needs to use a different order of characters and a
# different encoding scheme from the one in encode64() above.
# We care because the last character in our encoded string will
# only represent 2 bits. While two known implementations of
# bcrypt will happily accept and correct a salt string which
# has the 4 unused bits set to non-zero, we do not want to take
# chances and we also do not want to waste an additional byte
# of entropy.
$itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';

$output = '$2a$';
$output .= chr(ord('0') + $this->iteration_count_log2 / 10);
$output .= chr(ord('0') + $this->iteration_count_log2 % 10);
$output .= '$';

$i = 0;
do {
    $c1 = ord($input[$i++]);
    $output .= $itoa64[$c1 >> 2];
    $c1 = ($c1 & 0x03) << 4;
    if ($i >= 16) {
        $output .= $itoa64[$c1];
        break;
    }

    $c2 = ord($input[$i++]);
    $c1 |= $c2 >> 4;
    $output .= $itoa64[$c1];
    $c1 = ($c2 & 0x0f) << 2;

    $c2 = ord($input[$i++]);
    $c1 |= $c2 >> 6;
    $output .= $itoa64[$c1];
    $output .= $itoa64[$c2 & 0x3f];
} while (1);

return $output;
Enter fullscreen mode Exit fullscreen mode

}

function HashPassword($password)
{
$random = '';

if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) {
    $random = $this->get_random_bytes(16);
    $hash = $this->gensalt_blowfish($random);
    return $this->crypt_private($password, $hash);
}

if (CRYPT_EXT_DES == 1 && !$this->portable_hashes) {
    $random = $this->get_random_bytes(3);
    $hash = $this->gensalt_extended($random);
    return $this->crypt_private($password, $hash);
}

$random = $this->get_random_bytes(6);
$hash = $this->gensalt_private($random);

return $this->crypt_private($password, $hash);
Enter fullscreen mode Exit fullscreen mode

}

function CheckPassword($password, $stored_hash)
{
$hash = $this->crypt_private($password, $stored_hash);

return hash_equals($stored_hash, $hash);
Enter fullscreen mode Exit fullscreen mode

}

public function reverseItoA64($char)
{
return strpos($this->itoa64, $char);
}`

Top comments (0)

Read next

richardshaju profile image

Why is PHP still relevant in 2024?

Richard Shaju -

msulaimanmisri profile image

Create a re-useable Mailing Code in Laravel

Muhamad Sulaiman -

rmitesh profile image

Access parent component value from the Repeater in Filament

Mitesh Rathod -

yurich84 profile image

Crafting a Modular Laravel API for Effective SPA Interaction

Yurich -