mram-phpbb_hash 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. data/.gitignore +17 -0
  2. data/Gemfile +4 -0
  3. data/LICENSE +22 -0
  4. data/README.md +22 -0
  5. data/Rakefile +2 -0
  6. data/lib/mram-phpbb_hash/version.rb +5 -0
  7. data/lib/mram-phpbb_hash.rb +70 -0
  8. data/mram-phpbb_hash.gemspec +17 -0
  9. metadata +53 -0
data/.gitignore ADDED
@@ -0,0 +1,17 @@
1
+ *.gem
2
+ *.rbc
3
+ .bundle
4
+ .config
5
+ .yardoc
6
+ Gemfile.lock
7
+ InstalledFiles
8
+ _yardoc
9
+ coverage
10
+ doc/
11
+ lib/bundler/man
12
+ pkg
13
+ rdoc
14
+ spec/reports
15
+ test/tmp
16
+ test/version_tmp
17
+ tmp
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in mram-phpbb_hash.gemspec
4
+ gemspec
data/LICENSE ADDED
@@ -0,0 +1,22 @@
1
+ Copyright (c) 2012 Markus Rambossek
2
+
3
+ MIT License
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining
6
+ a copy of this software and associated documentation files (the
7
+ "Software"), to deal in the Software without restriction, including
8
+ without limitation the rights to use, copy, modify, merge, publish,
9
+ distribute, sublicense, and/or sell copies of the Software, and to
10
+ permit persons to whom the Software is furnished to do so, subject to
11
+ the following conditions:
12
+
13
+ The above copyright notice and this permission notice shall be
14
+ included in all copies or substantial portions of the Software.
15
+
16
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
20
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
21
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
22
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,22 @@
1
+ Mram::PhpbbHash
2
+ ===============
3
+
4
+ i'm not exactly sure what, and why, the phpBB people are doing this crazy custom hashing. but if you ever need to authenticate against a phpBB user table, this gem will help you do exactly that.
5
+
6
+ Usage
7
+ =====
8
+
9
+ just include mram-phpbb\_hash in your Gemfile, and use it like this:
10
+
11
+ > inputpass = params[:password] # from post variables, for example
12
+ > phpbbhash = get\_hash\_from\_phpbb\_database(params[:user]) # whatever you need to do to get the hash from the database
13
+ > if Mram::PhpbbHash.check\_hash(inputpass, phpbbhash) then
14
+ > puts "success!"
15
+ > else
16
+ > puts "hash does not match!"
17
+ > end
18
+
19
+ Other Info
20
+ ==========
21
+
22
+ the actual code was translated to ruby by me from [phpBB 3 Sources](https://github.com/phpbb/phpbb3/blob/develop/phpBB/includes/functions.php).
data/Rakefile ADDED
@@ -0,0 +1,2 @@
1
+ #!/usr/bin/env rake
2
+ require "bundler/gem_tasks"
data/lib/mram-phpbb_hash/version.rb ADDED
@@ -0,0 +1,5 @@
1
+ module Mram
2
+ module PhpbbHash
3
+ VERSION = "0.1.0"
4
+ end
5
+ end
data/lib/mram-phpbb_hash.rb ADDED
@@ -0,0 +1,70 @@
1
+ require "mram-phpbb_hash/version"
2
+
3
+ require 'digest/md5'
4
+
5
+ module Mram
6
+ module PhpbbHash
7
+ def self.check_hash(password, hash)
8
+ itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
9
+
10
+ if hash.length == 34 then
11
+ calc_phpbb_hash(password, hash, itoa64) == hash
12
+ else
13
+ calc_md5(password) == hash
14
+ end
15
+ end
16
+
17
+ def self.calc_md5(password)
18
+ return Digest::MD5.hexdigest(password)
19
+ end
20
+
21
+ def self.calc_phpbb_hash(password, setting, itoa64)
22
+ # Check for correct hash
23
+ hashtype = setting[0..2]
24
+ raise(Exception::WrongHashTypeError, "unknown hash type: '#{hashtype}'") unless [ "$H$", "$P$" ].include?(hashtype)
25
+
26
+ count_log2 = itoa64.index(setting[3])
27
+ raise(Exception::WtfError, "WTF: count_log2 is #{count_log2}") unless (7..30).include? count_log2
28
+
29
+ count = 1 << count_log2
30
+ salt = setting[4, 8]
31
+ raise(Exception::WtfError, "WTF: salt.length is not 8") unless salt.length == 8
32
+
33
+ hash = Digest::MD5.digest(salt + password)
34
+ count.times { hash = Digest::MD5.digest(hash + password) }
35
+
36
+ setting[0, 12] + _hash_encode64(hash, 16, itoa64)
37
+ end
38
+
39
+ def self._hash_encode64(input, count, itoa64)
40
+ output = ""
41
+
42
+ i = 0
43
+ begin
44
+ value = input[i].ord
45
+ i += 1
46
+
47
+ output += itoa64[value & 0x3f]
48
+ value |= (input[i].ord << 8) if i < count
49
+ output += itoa64[(value >> 6) & 0x3f]
50
+
51
+ break if i >= count
52
+ i += 1
53
+
54
+ value |= (input[i].ord << 16) if i < count
55
+ output += itoa64[(value >> 12) & 0x3f]
56
+
57
+ break if i >= count
58
+ i += 1
59
+
60
+ output += itoa64[(value >> 18) & 0x3f]
61
+ end while i < count
62
+
63
+ output
64
+ end
65
+ end
66
+
67
+ module Exception
68
+ class WrongHashTypeError < StandardError; end
69
+ end
70
+ end
data/mram-phpbb_hash.gemspec ADDED
@@ -0,0 +1,17 @@
1
+ # -*- encoding: utf-8 -*-
2
+ require File.expand_path('../lib/mram-phpbb_hash/version', __FILE__)
3
+
4
+ Gem::Specification.new do |gem|
5
+ gem.authors = ["Markus Rambossek"]
6
+ gem.email = ["git@rambossek.at"]
7
+ gem.description = %q{allows you to check a password against a phpBB 3.x hash}
8
+ gem.summary = %q{allows you to check a password against a phpBB 3.x hash}
9
+ gem.homepage = "https://github.com/mrambossek/mram-phpbb_hash"
10
+
11
+ gem.files = `git ls-files`.split($\)
12
+ gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
13
+ gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
14
+ gem.name = "mram-phpbb_hash"
15
+ gem.require_paths = ["lib"]
16
+ gem.version = Mram::PhpbbHash::VERSION
17
+ end
metadata ADDED
@@ -0,0 +1,53 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: mram-phpbb_hash
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ prerelease:
6
+ platform: ruby
7
+ authors:
8
+ - Markus Rambossek
9
+ autorequire:
10
+ bindir: bin
11
+ cert_chain: []
12
+ date: 2012-09-01 00:00:00.000000000 Z
13
+ dependencies: []
14
+ description: allows you to check a password against a phpBB 3.x hash
15
+ email:
16
+ - git@rambossek.at
17
+ executables: []
18
+ extensions: []
19
+ extra_rdoc_files: []
20
+ files:
21
+ - .gitignore
22
+ - Gemfile
23
+ - LICENSE
24
+ - README.md
25
+ - Rakefile
26
+ - lib/mram-phpbb_hash.rb
27
+ - lib/mram-phpbb_hash/version.rb
28
+ - mram-phpbb_hash.gemspec
29
+ homepage: https://github.com/mrambossek/mram-phpbb_hash
30
+ licenses: []
31
+ post_install_message:
32
+ rdoc_options: []
33
+ require_paths:
34
+ - lib
35
+ required_ruby_version: !ruby/object:Gem::Requirement
36
+ none: false
37
+ requirements:
38
+ - - ! '>='
39
+ - !ruby/object:Gem::Version
40
+ version: '0'
41
+ required_rubygems_version: !ruby/object:Gem::Requirement
42
+ none: false
43
+ requirements:
44
+ - - ! '>='
45
+ - !ruby/object:Gem::Version
46
+ version: '0'
47
+ requirements: []
48
+ rubyforge_project:
49
+ rubygems_version: 1.8.11
50
+ signing_key:
51
+ specification_version: 3
52
+ summary: allows you to check a password against a phpBB 3.x hash
53
+ test_files: []