Created
June 7, 2016 17:36
-
-
Save lorenzulrich/e040cce4e1737be9944adaadf9b53c87 to your computer and use it in GitHub Desktop.
Re-using TYPO3 CMS (salted MD5) passwords in Flow
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
TYPO3: | |
Flow: | |
security: | |
cryptography: | |
hashingStrategies: | |
typo3md5salted: Vendor\Package\Security\Cryptography\Typo3Md5SaltedHashingStrategy | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
namespace Vendor\Package\Security\Cryptography; | |
use TYPO3\Flow\Annotations as Flow; | |
use TYPO3\Flow\Utility\Algorithms as UtilityAlgorithms; | |
/** | |
* Compatibility for passwords generated by TYPO3 CMS with EXT:saltedpasswords (Method: MD5 salted) enabled | |
*/ | |
class Typo3Md5SaltedHashingStrategy implements \TYPO3\Flow\Security\Cryptography\PasswordHashingStrategyInterface | |
{ | |
/** | |
* @param string $password The plaintext password to hash | |
* @param string $staticSalt Optional static salt that will not be stored in the hashed password | |
* @return string the result of the crypt() call | |
*/ | |
public function hashPassword($password, $staticSalt = null) | |
{ | |
die('This strategy is only used for backwards compatibility. On resetting a password, a Flow strategy should be used.'); | |
} | |
/** | |
* @param string $password The cleartext password | |
* @param string $hashedPasswordAndSalt The derived key and salt in as returned by crypt() for verification | |
* @param null $staticSalt | |
* @return boolean TRUE if the given password matches the hashed password | |
*/ | |
public function validatePassword($password, $hashedPasswordAndSalt, $staticSalt = null) | |
{ | |
return crypt($password, $hashedPasswordAndSalt) === $hashedPasswordAndSalt; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment