Location: PHPKode > projects > ZZ/OSS Installer > zic-1.1.0dev1/installer/lib/File/Passwd/Authbasic.php
<?php
// +----------------------------------------------------------------------+
// | PHP Version 4                                                        |
// +----------------------------------------------------------------------+
// | Copyright (c) 1997-2003 The PHP Group                                |
// +----------------------------------------------------------------------+
// | This source file is subject to version 2.0 of the PHP license,       |
// | that is bundled with this package in the file LICENSE, and is        |
// | available at through the world-wide-web at                           |
// | http://www.php.net/license/2_02.txt.                                 |
// | If you did not receive a copy of the PHP license and are unable to   |
// | obtain it through the world-wide-web, please send a note to          |
// | hide@address.com so we can mail you a copy immediately.               |
// +----------------------------------------------------------------------+
// | Author: Michael Wallner <hide@address.com>                               |
// +----------------------------------------------------------------------+
//
// $Id: Authbasic.php,v 1.6 2003/10/01 13:41:31 mike Exp $

/**
* Manipulate AuthUserFiles as used for HTTP Basic Authentication.
*
* @author   Michael Wallner <hide@address.com>
* @package  File_Passwd
*/

/**
* Requires File::Passwd::Common
*/
require_once('File/Passwd/Common.php');

/**
* Allowed 64 characters for MD5 encryption
*/
$GLOBALS['_FILE_PASSWD_AUTHBASIC_64'] = 
    './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

/**
* Manipulate AuthUserFiles as used for HTTP Basic Authentication.
*
* <kbd><u>
*   Usage Example:
* </u></kbd>
* <code>
*   $htp = &File_Passwd::factory('AuthBasic');
*   $htp->setMode('sha');
*   $htp->setFile('/www/mike/auth/.htpasswd');
*   $htp->load();
*   $htp->addUser('mike', 'secret');
*   $htp->save();
* </code>
* 
* <kbd><u>
*   Output of listUser()
* </u></kbd>
* <pre>
*      array
*       + user => crypted_passwd
*       + user => crypted_passwd
* </pre>
* 
* @author   Michael Wallner <hide@address.com>
* @package  File_Passwd
* @version  $Revision: 1.6 $
* @access   public
*/
class File_Passwd_Authbasic extends File_Passwd_Common {

    /** 
    * Path to AuthUserFile
    *
    * @var string
    * @access private
    */
    var $_file = '.htpasswd';

    /** 
    * Actual encryption mode
    *
    * @var string
    * @access private
    */
    var $_mode = 'sha';

    /** 
    * Supported encryption modes
    *
    * @var array
    * @access private
    */
    var $_modes = array('md5' => 'm', 'des' => 'd', 'sha' => 's');

    /** 
    * Constructor
    * 
    * @access public
    * @param  string $file   path to AuthUserFile
    */
    function File_Passwd_Authbasic($file = '.htpasswd') {
        $this->__construct($file);
    }

    /**
    * Constructor (ZE2)
    * 
    * Rewritten because DES encryption is not 
    * supportet by the Win32 httpd.
    * 
    * @access protected
    * @param  string $file   path to AuthUserFile
    */
    function __construct($file = '.htpasswd') {
        if (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN') {
            unset($this->_modes['des']);
        }
        $this->setFile($file);
    }

    /**
    * Fast authentication of a certain user
    * 
    * Returns a PEAR_Error if:
    *   o file doesn't exist
    *   o file couldn't be opened in read mode
    *   o file couldn't be locked exclusively
    *   o file couldn't be unlocked (only if auth fails)
    *   o file couldn't be closed (only if auth fails)
    *
    * @static   call this method statically for a reasonable fast authentication
    * 
    * @throws   PEAR_Error
    * @access   public
    * @return   mixed   true if authenticated, false if not or PEAR_Error
    * @param    string  $file   path to passwd file
    * @param    string  $user   user to authenticate
    * @param    string  $pass   plaintext password
    * @param    string  $mode   des, sha or md5
    */
    function staticAuth($file, $user, $pass, $mode){
        $line = File_Passwd_Common::_auth($file, $user);
        if (!$line || PEAR::isError($line)) {
            return $line;
        }
        list(,$real) = explode(':', $line);
        return ($real === File_Passwd_Authbasic::_genPass($pass, $real, $mode));
    }
    
    /** 
    * Apply changes and rewrite AuthUserFile
    *
    * Returns a PEAR_Error if:
    *   o directory in which the file should reside couldn't be created
    *   o file couldn't be opened in write mode
    *   o file couldn't be locked exclusively
    *   o file couldn't be unlocked
    *   o file couldn't be closed
    * 
    * @throws PEAR_Error
    * @access public
    * @return mixed true on success or PEAR_Error
    */
    function save() {
        $content = '';
        foreach ($this->_users as $user => $pass) {
            $content .= $user . ':' . $pass . "\n";
        }
        return $this->_save($content);
    }

    /** 
    * Add an user
    *
    * The username must start with an alphabetical character and must NOT
    * contain any other characters than alphanumerics, the underline and dash.
    * 
    * Returns a PEAR_Error if:
    *   o user already exists
    *   o user contains illegal characters
    * 
    * @throws PEAR_Error
    * @access public
    * @return mixed true on success or PEAR_Error
    * @param string $user
    * @param string $pass
    */
    function addUser($user, $pass) {
        if ($this->userExists($user)) {
            return PEAR::raiseError(
                sprintf(FILE_PASSWD_E_EXISTS_ALREADY_STR, 'User ', $user),
                FILE_PASSWD_E_EXISTS_ALREADY
            );
        }
        if (!preg_match($this->_pcre, $user)) {
            return PEAR::raiseError(
                sprintf(FILE_PASSWD_E_INVALID_CHARS_STR, 'User ', $user),
                FILE_PASSWD_E_INVALID_CHARS
            );
        }
        $this->_users[$user] = $this->_genPass($pass);
        return true;
    }

    /** 
    * Change the password of a certain user
    *
    * Returns a PEAR_Error if user doesn't exist.
    * 
    * @throws PEAR_Error
    * @access public
    * @return mixed true on success or a PEAR_Error
    * @param string $user   the user whose password should be changed
    * @param string $pass   the new plaintext password
    */
    function changePasswd($user, $pass) {
        if (!$this->userExists($user)) {
            return PEAR::raiseError(
                sprintf(FILE_PASSWD_E_EXISTS_NOT_STR, 'User ', $user),
                FILE_PASSWD_E_EXISTS_NOT
            );
        }
        $this->_users[$user] = $this->_genPass($pass);
        return true;
    }

    /** 
    * Verify password
    *
    * Returns a PEAR_Error if:
    *   o user doesn't exist
    *   o an invalid encryption mode was supplied
    * 
    * @throws PEAR_Error
    * @access public
    * @return mixed true if passwords equal, false if they don't, or PEAR_Error
    * @param string $user   the user whose password should be verified
    * @param string $pass   the plaintext password to verify
    */
    function verifyPasswd($user, $pass) {
        if (!$this->userExists($user)) {
            return PEAR::raiseError(
                sprintf(FILE_PASSWD_E_EXISTS_NOT_STR, 'User ', $user),
                FILE_PASSWD_E_EXISTS_NOT
            );
        }
        $real = $this->_users[$user];
        return ($real === $this->_genPass($pass, $real));
    }

    /** 
    * Get actual encryption mode
    *
    * @access public
    * @return string
    */
    function getMode() {
        return $this->_mode;
    }

    /** 
    * Get supported encryption modes
    *
    * <pre>
    *   array
    *    + md5
    *    + sha
    *    + des
    * </pre>
    * 
    * ATTN: DES encryption not available on Win32!
    * 
    * @access public
    * @return array
    */
    function listModes() {
        return array_keys($this->_modes);
    }

    /** 
    * Set the encryption mode
    *
    * You can choose one of md5, sha or des.
    * 
    * ATTN: DES encryption not available on Win32!
    * 
    * Returns a PEAR_Error if a specific encryption mode is not supported.
    * 
    * @throws PEAR_Error
    * @access public
    * @return mixed true on succes or PEAR_Error
    * @param string $mode
    */
    function setMode($mode) {
        $mode = strToLower($mode);
        if (!isset($this->_modes[$mode])) {
            return PEAR::raiseError(
                sprintf(FILE_PASSWD_E_INVALID_ENC_MODE_STR, $this->_mode),
                FILE_PASSWD_E_INVALID_ENC_MODE
            );
        }
        $this->_mode = $mode;
        return true;
    }

    /**
    * Generate password with htpasswd executable
    * 
    * @access   private
    * @return   string  the crypted password
    * @param    string  $pass   the plaintext password
    * @param    string  $salt   the salt to use
    * @param    string  $mode   encyption mode, usually determined from
    *                           <var>$this->_mode</var>
    */
    function _genPass($pass, $salt = null, $mode = null){
        $salt = is_null($salt) ? File_Passwd_Authbasic::_genSalt() : $salt;
        $mode = is_null($mode) ? strToLower($this->_mode) : strToLower($mode);
        switch($mode){
            case 'des': 
                return crypt($pass, substr($salt, 0,2));
                break;
            case 'sha':
                return '{SHA}' . base64_encode(
                    File_Passwd_Authbasic::_hexbin(sha1($pass))
                );
                break;
            case 'md5':
                return File_Passwd_Authbasic::_md5crypt($pass, $salt);
                break;
        }
        return PEAR::raiseError(
            sprintf(FILE_PASSWD_E_INVALID_ENC_MODE_STR, $mode),
            FILE_PASSWD_E_INVALID_ENC_MODE                
        );
    }
    
    /** 
    * Parse the AuthUserFile
    * 
    * Returns a PEAR_Error if AuthUserFile has invalid format.
    *
    * @throws PEAR_Error
    * @access public
    * @return mixed true on success or PEAR_error
    */
    function parse() {
        $this->_users = array();
        foreach ($this->_contents as $line) {
            $user = explode(':', $line);
            if (count($user) != 2) {
                return PEAR::raiseError(
                    FILE_PASSWD_E_INVALID_FORMAT_STR,
                    FILE_PASSWD_E_INVALID_FORMAT
                );
            }
            $this->_users[$user[0]] = trim($user[1]);
        }
        $this->_contents = array();
        return true;
    }
    
    /**
    * Encrypt string (with given salt) in APR-md5 style
    * 
    * @static
    * @access   private
    * @return   string  encrypted passwd
    * @param    string  $string     the sting to encrypt
    * @param    string  $salt       the salt to use for encryption
    */
    function _md5crypt($string, $salt = null){
        if (is_null($salt)) {
            $salt = File_Passwd_Authbasic::_genSalt();
        } elseif (preg_match('/^\$apr1\$/', $salt)) {
            $salt = preg_replace('/^\$apr1\$(.{8}).*/', '\\1', $salt);
        } else {
            $salt = substr($salt, 0,8);
        }
        
        $length     = strlen($string);
        $context    = $string . '$apr1$' . $salt;
        $binary     = File_Passwd_Authbasic::_hexbin(
            md5($string . $salt . $string)
        );
        
        for ($i = $length; $i > 0; $i -= 16) {
            $context .= substr($binary, 0, ($i > 16 ? 16 : $i));
        }
        for ( $i = $length; $i > 0; $i >>= 1) {
            $context .= ($i & 1) ? chr(0) : $string[0];
        }
        
        $binary = File_Passwd_Authbasic::_hexbin(md5($context));
        
        for($i = 0; $i < 1000; $i++) {
            $new = ($i & 1) ? $string : substr($binary, 0,16);
            if ($i % 3) {
                $new .= $salt;
            }
            if ($i % 7) {
                $new .= $string;
            }
            $new .= ($i & 1) ? substr($binary, 0,16) : $string;
            $binary = File_Passwd_Authbasic::_hexbin(md5($new));
        }
        
        $p = array();
        for ($i = 0; $i < 5; $i++) {
            $k = $i + 6;
            $j = $i + 12;
            if ($j == 16) {
                $j = 5;
            }
            $p[] = File_Passwd_Authbasic::_md5to64(
                (ord($binary[$i]) << 16) |
                (ord($binary[$k]) << 8) |
                (ord($binary[$j])),
                5
            );
        }
        
        return 
            '$apr1$' . $salt . '$' . implode($p) . 
            File_Passwd_Authbasic::_md5to64(ord($binary[11]), 3);
    }
    
    /**
    * Generate salt
    *
    * @access   private
    * @return   string
    */
    function _genSalt(){
        $rs = '';
        for($i = 0; $i < 8; $i++) {
            $rs .= $GLOBALS['_FILE_PASSWD_AUTHBASIC_64'][rand(0,63)];
        }
        return $rs;
    }

    /**
    * Convert hexadecimal string to binary data
    *
    * @static
    * @access   private
    * @return   mixed
    * @param    string  $hex
    */
    function _hexbin($hex){
        $rs = '';
        $ln = strlen($hex);
        for($i = 0; $i < $ln; $i += 2) {
            $rs .= chr(array_shift(sscanf(substr($hex, $i, 2), '%x')));
        }
        return $rs;
    }
    
    /**
    * Convert to allowed 64 characters for encryption
    *
    * @static
    * @access   private
    * @return   string
    * @param    string  $value
    * @param    int     $count
    */
    function _md5to64($value, $count){
        $result = '';
        $count  = abs($count);
        while(--$count) {
            $result .= $GLOBALS['_FILE_PASSWD_AUTHBASIC_64'][$value & 0x3f];
            $value >>= 6;
        }
        return $result;
    }
}
?>
Return current item: ZZ/OSS Installer