mram-phpbb_hash 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- data/.gitignore +17 -0
- data/Gemfile +4 -0
- data/LICENSE +22 -0
- data/README.md +22 -0
- data/Rakefile +2 -0
- data/lib/mram-phpbb_hash/version.rb +5 -0
- data/lib/mram-phpbb_hash.rb +70 -0
- data/mram-phpbb_hash.gemspec +17 -0
- metadata +53 -0
data/.gitignore
ADDED
data/Gemfile
ADDED
data/LICENSE
ADDED
@@ -0,0 +1,22 @@
|
|
1
|
+
Copyright (c) 2012 Markus Rambossek
|
2
|
+
|
3
|
+
MIT License
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
6
|
+
a copy of this software and associated documentation files (the
|
7
|
+
"Software"), to deal in the Software without restriction, including
|
8
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
9
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
10
|
+
permit persons to whom the Software is furnished to do so, subject to
|
11
|
+
the following conditions:
|
12
|
+
|
13
|
+
The above copyright notice and this permission notice shall be
|
14
|
+
included in all copies or substantial portions of the Software.
|
15
|
+
|
16
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
17
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
18
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
19
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
20
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
21
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
22
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,22 @@
|
|
1
|
+
Mram::PhpbbHash
|
2
|
+
===============
|
3
|
+
|
4
|
+
i'm not exactly sure what, and why, the phpBB people are doing this crazy custom hashing. but if you ever need to authenticate against a phpBB user table, this gem will help you do exactly that.
|
5
|
+
|
6
|
+
Usage
|
7
|
+
=====
|
8
|
+
|
9
|
+
just include mram-phpbb\_hash in your Gemfile, and use it like this:
|
10
|
+
|
11
|
+
> inputpass = params[:password] # from post variables, for example
|
12
|
+
> phpbbhash = get\_hash\_from\_phpbb\_database(params[:user]) # whatever you need to do to get the hash from the database
|
13
|
+
> if Mram::PhpbbHash.check\_hash(inputpass, phpbbhash) then
|
14
|
+
> puts "success!"
|
15
|
+
> else
|
16
|
+
> puts "hash does not match!"
|
17
|
+
> end
|
18
|
+
|
19
|
+
Other Info
|
20
|
+
==========
|
21
|
+
|
22
|
+
the actual code was translated to ruby by me from [phpBB 3 Sources](https://github.com/phpbb/phpbb3/blob/develop/phpBB/includes/functions.php).
|
data/Rakefile
ADDED
@@ -0,0 +1,70 @@
|
|
1
|
+
require "mram-phpbb_hash/version"
|
2
|
+
|
3
|
+
require 'digest/md5'
|
4
|
+
|
5
|
+
module Mram
|
6
|
+
module PhpbbHash
|
7
|
+
def self.check_hash(password, hash)
|
8
|
+
itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
|
9
|
+
|
10
|
+
if hash.length == 34 then
|
11
|
+
calc_phpbb_hash(password, hash, itoa64) == hash
|
12
|
+
else
|
13
|
+
calc_md5(password) == hash
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
17
|
+
def self.calc_md5(password)
|
18
|
+
return Digest::MD5.hexdigest(password)
|
19
|
+
end
|
20
|
+
|
21
|
+
def self.calc_phpbb_hash(password, setting, itoa64)
|
22
|
+
# Check for correct hash
|
23
|
+
hashtype = setting[0..2]
|
24
|
+
raise(Exception::WrongHashTypeError, "unknown hash type: '#{hashtype}'") unless [ "$H$", "$P$" ].include?(hashtype)
|
25
|
+
|
26
|
+
count_log2 = itoa64.index(setting[3])
|
27
|
+
raise(Exception::WtfError, "WTF: count_log2 is #{count_log2}") unless (7..30).include? count_log2
|
28
|
+
|
29
|
+
count = 1 << count_log2
|
30
|
+
salt = setting[4, 8]
|
31
|
+
raise(Exception::WtfError, "WTF: salt.length is not 8") unless salt.length == 8
|
32
|
+
|
33
|
+
hash = Digest::MD5.digest(salt + password)
|
34
|
+
count.times { hash = Digest::MD5.digest(hash + password) }
|
35
|
+
|
36
|
+
setting[0, 12] + _hash_encode64(hash, 16, itoa64)
|
37
|
+
end
|
38
|
+
|
39
|
+
def self._hash_encode64(input, count, itoa64)
|
40
|
+
output = ""
|
41
|
+
|
42
|
+
i = 0
|
43
|
+
begin
|
44
|
+
value = input[i].ord
|
45
|
+
i += 1
|
46
|
+
|
47
|
+
output += itoa64[value & 0x3f]
|
48
|
+
value |= (input[i].ord << 8) if i < count
|
49
|
+
output += itoa64[(value >> 6) & 0x3f]
|
50
|
+
|
51
|
+
break if i >= count
|
52
|
+
i += 1
|
53
|
+
|
54
|
+
value |= (input[i].ord << 16) if i < count
|
55
|
+
output += itoa64[(value >> 12) & 0x3f]
|
56
|
+
|
57
|
+
break if i >= count
|
58
|
+
i += 1
|
59
|
+
|
60
|
+
output += itoa64[(value >> 18) & 0x3f]
|
61
|
+
end while i < count
|
62
|
+
|
63
|
+
output
|
64
|
+
end
|
65
|
+
end
|
66
|
+
|
67
|
+
module Exception
|
68
|
+
class WrongHashTypeError < StandardError; end
|
69
|
+
end
|
70
|
+
end
|
@@ -0,0 +1,17 @@
|
|
1
|
+
# -*- encoding: utf-8 -*-
|
2
|
+
require File.expand_path('../lib/mram-phpbb_hash/version', __FILE__)
|
3
|
+
|
4
|
+
Gem::Specification.new do |gem|
|
5
|
+
gem.authors = ["Markus Rambossek"]
|
6
|
+
gem.email = ["git@rambossek.at"]
|
7
|
+
gem.description = %q{allows you to check a password against a phpBB 3.x hash}
|
8
|
+
gem.summary = %q{allows you to check a password against a phpBB 3.x hash}
|
9
|
+
gem.homepage = "https://github.com/mrambossek/mram-phpbb_hash"
|
10
|
+
|
11
|
+
gem.files = `git ls-files`.split($\)
|
12
|
+
gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
|
13
|
+
gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
|
14
|
+
gem.name = "mram-phpbb_hash"
|
15
|
+
gem.require_paths = ["lib"]
|
16
|
+
gem.version = Mram::PhpbbHash::VERSION
|
17
|
+
end
|
metadata
ADDED
@@ -0,0 +1,53 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: mram-phpbb_hash
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
prerelease:
|
6
|
+
platform: ruby
|
7
|
+
authors:
|
8
|
+
- Markus Rambossek
|
9
|
+
autorequire:
|
10
|
+
bindir: bin
|
11
|
+
cert_chain: []
|
12
|
+
date: 2012-09-01 00:00:00.000000000 Z
|
13
|
+
dependencies: []
|
14
|
+
description: allows you to check a password against a phpBB 3.x hash
|
15
|
+
email:
|
16
|
+
- git@rambossek.at
|
17
|
+
executables: []
|
18
|
+
extensions: []
|
19
|
+
extra_rdoc_files: []
|
20
|
+
files:
|
21
|
+
- .gitignore
|
22
|
+
- Gemfile
|
23
|
+
- LICENSE
|
24
|
+
- README.md
|
25
|
+
- Rakefile
|
26
|
+
- lib/mram-phpbb_hash.rb
|
27
|
+
- lib/mram-phpbb_hash/version.rb
|
28
|
+
- mram-phpbb_hash.gemspec
|
29
|
+
homepage: https://github.com/mrambossek/mram-phpbb_hash
|
30
|
+
licenses: []
|
31
|
+
post_install_message:
|
32
|
+
rdoc_options: []
|
33
|
+
require_paths:
|
34
|
+
- lib
|
35
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
36
|
+
none: false
|
37
|
+
requirements:
|
38
|
+
- - ! '>='
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '0'
|
41
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
42
|
+
none: false
|
43
|
+
requirements:
|
44
|
+
- - ! '>='
|
45
|
+
- !ruby/object:Gem::Version
|
46
|
+
version: '0'
|
47
|
+
requirements: []
|
48
|
+
rubyforge_project:
|
49
|
+
rubygems_version: 1.8.11
|
50
|
+
signing_key:
|
51
|
+
specification_version: 3
|
52
|
+
summary: allows you to check a password against a phpBB 3.x hash
|
53
|
+
test_files: []
|