<?php if (!defined('PmWiki')) exit();

/*
 * cryptplus.php
 * Copyright 2012 by M J Gubby
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * CryptPlus: better password encryption for PmWiki v2.x
 * This script provides support for additional password hashing
 * algorithms (Blowfish, SHA-256 and SHA-512) assuming your crypt()
 * function supports them (PHP has a native implementation from v5.3.0
 * and above). The script will also process MD5 (including APR-1)
 * and SHA-1 hash requests for backwards compatibility.
 * See pmwiki.org/wiki/Cookbook/CryptPlus for more information.
 * 
*/

$RecipeInfo['CryptPlus']['Version'] = '2012-12-27';

/*
USAGE:

$passwd
Plain text of password to be hashed.

$algorithm
Optionally select hash algorithm by specifying a number (default is 4):
    0 = apr1
    1 = crypt
    2 = sha1
    3 = blowfish (see additional arguments)
    4 = sha256
    5 = sha512

$bPrefix
Optionally specify Blowfish prefix, which must be one of the following:
    "$2a$" (default if not specified)
    "$2x$" (requires PHP 5.3.7 or above)
    "$2y$" (requires PHP 5.3.7 or above)
See http://www.php.net/security/crypt_blowfish.php for more info.

$bCost
Optionally specify Blowfish cost parameter (base-2 logarithm of
iteration count).
Must be a two-digit value between 04 and 31, expressed as a a string.
Default is "10", ie. 2^10 = 1024 iterations.

*/

function secureHash($passwd, $algorithm = 4, $bPrefix = "$2a$", $bCost = "10") {

 if ($algorithm < 0) {
  $algorithm = 4;  /* default to SHA-256 */
 }

 if ($algorithm > 5) {
  $algorithm = 4;  /* default to SHA-256 */
 }

 if ($algorithm == 0) {
  $algorithmName = "APR1-MD5";
  $saltLength = 8;
  $salt = CreateSalt($saltLength);
  $cryptsalt = '$apr1$'.$salt;
 }

 if ($algorithm == 1) {
  $algorithmName = "MD5";
  $saltLength = 8;
  $salt = CreateSalt($saltLength);
  $cryptsalt = '$1$'.$salt;
 }

 if ($algorithm == 2) {
  $algorithmName = "SHA-1";
  $cryptsalt = "{SHA}";
 }

 if ($algorithm == 3) {
  $algorithmName = "Blowfish";
  $saltLength = 22;
  $salt = CreateSalt($saltLength);
  $cryptsalt = $bPrefix . $bCost . '$' . $salt;
 }

 if ($algorithm == 4) {
  $algorithmName = "SHA-256";
  $saltLength = 16;
  $salt = CreateSalt($saltLength);
  $cryptsalt = '$5$'.$salt;
 }

 if ($algorithm == 5) {
  $algorithmName = "SHA-512";
  $saltLength = 16;
  $salt = CreateSalt($saltLength);
  $cryptsalt = '$6$'.$salt;
 }

 /* call _crypt function from authuser.php, which is required for apr1 and sha1 hashes, and which passes all others to Unix crypt() */
 $pwHash = _crypt($passwd, $cryptsalt);
 return $pwHash;

}

/* CreateSalt: generates alphanumeric salt of given length */
function CreateSalt($max){
 $i = 0;
 $salt = "";
 $charList = "ABCDEFGHIJKLMNOPQRSTUVQXYZabcdefghijklmnopqrstuvqxyz0123456789";
 while ($i <$max) {
    $salt = $salt . $charList{mt_rand(0, (strlen($charList) - 1))};
    $i++;
 }
 return $salt;
}

?>