Added new hashing functions and updated random string generator to only use lowercase letters.

2012-10-07 10:00:09 -04:00 · 2012-10-07 10:00:09 -04:00 · a843589855
commit a843589855
parent 54372d24b7
3 changed files with 90 additions and 14 deletions
--- a/classes/Security.php
+++ b/classes/Security.php
@ -40,13 +40,13 @@ class Security
 	/**
 	 * Generate Hash
 	 *
-	 * Generates an SHA1 hash from the provided string. Optionally can be salted.
+	 * Generates an SHA1 hash from the provided string. Salt optional.
 	 *
-	 * @param  string $value value to hash
+	 * @param  string $source value to hash
 	 * @param  mixed $salts optional salt or salts
-	 * @return string SHA1 has
+	 * @return string SHA1 hash
 	 */
-	public static function generateHash($value, $salts = null)
+	public static function generateHash($source, $salts = null)
 	{
 		// Determines which salt(s) to use
 		if ($salts == null)
@ -70,7 +70,8 @@ class Security
 		}

 		// Loops through the salts, applies them and calculates the hash
-		$hash = $value;
+		$hash = $source;
+
 		foreach ($salts as $salt)
 		{
 			$hash = sha1($salt . $hash);
@ -79,6 +80,43 @@ class Security
 		return $hash;
 	}

+	/**
+	 * SHA-256
+	 *
+	 * Generates an SHA-256 hash from the provided string.
+	 *
+	 * @param  string $source value to hash
+	 * @return string SHA1 hash
+	 */
+	public static function sha256($source)
+	{
+		return hash('sha256', $source);
+	}
+
+	/**
+	 * Generate SHA-256 Hash
+	 *
+	 * Generates an SHA-256 hash from the provided string and salt. Borrowed the
+	 * large iteration logic from fCryptography::hashWithSalt() as, and I quote,
+	 * "makes rainbow table attacks infesible".
+	 *
+	 * @param  string $source value to hash
+	 * @param  mixed $salt value to use as salt
+	 * @return string SHA-256 hash
+	 * @link   https://github.com/flourishlib/flourish-classes/blob/master/fCryptography.php
+	 */
+	public static function generateSHA256Hash($source, $salt)
+	{
+		$sha256 = sha1($salt . $source);
+
+		for ($i = 0; $i < 1000; $i++)
+		{
+			$sha256 = Security::sha256($sha256 . (($i % 2 == 0) ? $source : $salt));
+		}
+
+		return $sha256;
+	}
+
 	/**
 	 * Check Session
 	 *
--- a/classes/String.php
+++ b/classes/String.php
@ -118,11 +118,11 @@ class String
 		{
 			if ($similar == true)
 			{
-				$characters = array_merge($characters, range('A', 'Z'));
+				$characters = array_merge($characters, range('a', 'z'));
 			}
 			else
 			{
-				$characters = array_merge($characters, range('A', 'H'), range('J', 'N'), range('P', 'Z'));
+				$characters = array_merge($characters, range('a', 'h'), range('j', 'n'), range('p', 'z'));
 			}
 		}

--- a/jar.php
+++ b/jar.php
@ -5935,13 +5935,13 @@ class Security
 	/**
 	 * Generate Hash
 	 *
-	 * Generates an SHA1 hash from the provided string. Optionally can be salted.
+	 * Generates an SHA1 hash from the provided string. Salt optional.
 	 *
-	 * @param  string $value value to hash
+	 * @param  string $source value to hash
 	 * @param  mixed $salts optional salt or salts
-	 * @return string SHA1 has
+	 * @return string SHA1 hash
 	 */
-	public static function generateHash($value, $salts = null)
+	public static function generateHash($source, $salts = null)
 	{
 		// Determines which salt(s) to use
 		if ($salts == null)
@ -5965,7 +5965,8 @@ class Security
 		}

 		// Loops through the salts, applies them and calculates the hash
-		$hash = $value;
+		$hash = $source;
+
 		foreach ($salts as $salt)
 		{
 			$hash = sha1($salt . $hash);
@ -5974,6 +5975,43 @@ class Security
 		return $hash;
 	}

+	/**
+	 * SHA-256
+	 *
+	 * Generates an SHA-256 hash from the provided string.
+	 *
+	 * @param  string $source value to hash
+	 * @return string SHA1 hash
+	 */
+	public static function sha256($source)
+	{
+		return hash('sha256', $source);
+	}
+
+	/**
+	 * Generate SHA-256 Hash
+	 *
+	 * Generates an SHA-256 hash from the provided string and salt. Borrowed the
+	 * large iteration logic from fCryptography::hashWithSalt() as, and I quote,
+	 * "makes rainbow table attacks infesible".
+	 *
+	 * @param  string $source value to hash
+	 * @param  mixed $salt value to use as salt
+	 * @return string SHA-256 hash
+	 * @link   https://github.com/flourishlib/flourish-classes/blob/master/fCryptography.php
+	 */
+	public static function generateSHA256Hash($source, $salt)
+	{
+		$sha256 = sha1($salt . $source);
+
+		for ($i = 0; $i < 1000; $i++)
+		{
+			$sha256 = Security::sha256($sha256 . (($i % 2 == 0) ? $source : $salt));
+		}
+
+		return $sha256;
+	}
+
 	/**
 	 * Check Session
 	 *
@ -6761,11 +6799,11 @@ class String
 		{
 			if ($similar == true)
 			{
-				$characters = array_merge($characters, range('A', 'Z'));
+				$characters = array_merge($characters, range('a', 'z'));
 			}
 			else
 			{
-				$characters = array_merge($characters, range('A', 'H'), range('J', 'N'), range('P', 'Z'));
+				$characters = array_merge($characters, range('a', 'h'), range('j', 'n'), range('p', 'z'));
 			}
 		}