fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-09 03:32:00 +09:00
Code Issues Projects Releases Packages Wiki Activity

Move all composer files inside the common directory

Browse source 
- 2022년 3월 개발팀 결정사항 적용
- 모듈 등 서드파티 자료 개발시 composer를 사용하면 상위 경로에 있는 코어의
  composer.json을 수정하고, 코어의 vendor 디렉토리를 건드리는 것이 기본값임
- 이를 방지하기 위해 코어의 composer.json과 vendor를 common 디렉토리 안으로
  이동하여, 모듈 경로에서 상위 폴더로 인식하지 않도록 함
This commit is contained in:
Kijin Sung 2022-12-26 16:33:32 +09:00
parent 7b912d21fc
commit 5fff6b6eab
1478 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
common/vendor/bordoni/phpass/.gitignore vendored Normal file
View file

@ -0,0 +1,2 @@
composer.lock
vendor

13
common/vendor/bordoni/phpass/.travis.yml vendored Normal file
View file

@ -0,0 +1,13 @@
language: php
php:
- 5.3
- 5.4
- 5.5
- 5.6
- hhvm
before_script:
- composer install
script: cd Tests && phpunit --configuration phpunit.xml --coverage-text

46
common/vendor/bordoni/phpass/README.md vendored Normal file
View file

@ -0,0 +1,46 @@
### This repository is a fork from the original [hautelook/phpass](https://github.com/hautelook/phpass) which seems to have been deleted on _2021-09-09_.
Openwall Phpass, modernized
===========================
This is Openwall's [Phpass](http://openwall.com/phpass/), based on the 0.3 release, but modernized slightly:
- Namespaced
- Composer support (Autoloading)
- PHP 5 style
- Unit Tested
The changes are minimal and only stylistic. The source code is in the public domain. We claim no ownership, but needed it for one of our projects, and wanted to make it available to other people as well.
## Installation ##
Add this requirement to your `composer.json` file and run `composer.phar install`:
{
"require": {
"bordoni/phpass": "dev-main"
}
}
## Usage ##
The following example shows how to hash a password (to then store the hash in the database), and how to check whether a provided password is correct (hashes to the same value):
``` php
<?php
namespace Your\Namespace;
use Hautelook\Phpass\PasswordHash;
require_once(__DIR__ . "/vendor/autoload.php");
$passwordHasher = new PasswordHash(8,false);
$password = $passwordHasher->HashPassword('secret');
var_dump($password);
$passwordMatch = $passwordHasher->CheckPassword('secret', "$2a$08$0RK6Yw6j9kSIXrrEOc3dwuDPQuT78HgR0S3/ghOFDEpOGpOkARoSu");
var_dump($passwordMatch);

52
common/vendor/bordoni/phpass/Tests/BasicTest.php vendored Normal file
View file

@ -0,0 +1,52 @@
<?php
// namespace Hautelook\Phpass\Tests;
use Hautelook\Phpass\PasswordHash;
/**
*
*/
class BasicTest extends \PHPUnit_Framework_TestCase
{
const PORTABLE_HASH = '$P$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0';
public function testCorrectHash()
{
$hasher = new PasswordHash(8,false);
$correct = 'test12345';
$hash = $hasher->HashPassword($correct);
$this->assertTrue($hasher->CheckPassword($correct, $hash));
}
public function testIncorrectHash()
{
$hasher = new PasswordHash(8,false);
$correct = 'test12345';
$hash = $hasher->HashPassword($correct);
$wrong = 'test12346';
$this->assertFalse($hasher->CheckPassword($wrong, $hash));
}
public function testWeakHashes()
{
$hasher = new PasswordHash(8, true);
$correct = 'test12345';
$hash = $hasher->HashPassword($correct);
$wrong = 'test12346';
$this->assertTrue($hasher->CheckPassword($correct, $hash));
$this->assertFalse($hasher->CheckPassword($wrong, $hash));
}
public function testPortableHashes()
{
$hasher = new PasswordHash(8, true);
$correct = 'test12345';
$wrong = 'test12346';
$this->assertTrue($hasher->CheckPassword($correct, self::PORTABLE_HASH));
$this->assertFalse($hasher->CheckPassword($wrong, self::PORTABLE_HASH));
}
}

14
common/vendor/bordoni/phpass/Tests/bootstrap.php vendored Normal file
View file

@ -0,0 +1,14 @@
<?php
function includeIfExists($file)
{
if (file_exists($file)) {
return include $file;
}
}
if ((!$loader = includeIfExists(__DIR__.'/../vendor/autoload.php'))) {
die('You must set up the project dependencies, run the following commands:'.PHP_EOL.
'curl -s http://getcomposer.org/installer | php'.PHP_EOL.
'php composer.phar install'.PHP_EOL);
}

32
common/vendor/bordoni/phpass/Tests/phpunit.xml vendored Normal file
View file

@ -0,0 +1,32 @@
<phpunit bootstrap="./bootstrap.php"
colors="true"
convertErrorsToExceptions="true"
convertNoticesToExceptions="true"
convertWarningsToExceptions="true"
stopOnFailure="false"
syntaxCheck="true" >
<logging>
<!-- <log type="coverage-text" target="php://stdout"/> -->
<!--showUncoveredFiles="true"/>-->
<!--<log type="coverage-html" target="/tmp/report" charset="UTF-8"-->
<!--yui="true" highlight="false"-->
<!--lowUpperBound="35" highLowerBound="70"/>-->
<!--<log type="testdox-html" target="/tmp/testdox.html"/>-->
</logging>
<testsuite name="Phpass Test Suite">
<directory>.</directory>
</testsuite>
<filter>
<blacklist>
<directory suffix=".php">../</directory>
</blacklist>
<whitelist>
<directory suffix=".php">../src/Hautelook</directory>
<exclude>
<directory suffix=".phtml">../</directory>
<file>./bootstrap.php</file>
</exclude>
</whitelist>
</filter>
</phpunit>

37
common/vendor/bordoni/phpass/composer.json vendored Normal file
View file

@ -0,0 +1,37 @@
{
"name": "bordoni/phpass",
"type": "library",
"time": "2012-08-31",
"license": "Public Domain",
"description": "Portable PHP password hashing framework",
"keywords": [
"Blowfish",
"crypt",
"password",
"security"
],
"homepage": "http://github.com/bordoni/phpass/",
"authors": [
{
"name": "Solar Designer",
"email": "solar@openwall.com",
"homepage": "http://openwall.com/phpass/"
},
{
"name": "Gustavo Bordoni",
"email": "gustavo@bordoni.me",
"homepage": "https://bordoni.me"
}
],
"require": {
"php": ">=5.3.3"
},
"autoload": {
"psr-0": {
"Hautelook": "src/"
}
},
"replace": {
"hautelook/phpass": "0.3.*"
}
}

21
common/vendor/bordoni/phpass/lib/Makefile vendored Normal file
View file

@ -0,0 +1,21 @@
#
# Written by Solar Designer and placed in the public domain.
# See crypt_private.c for more information.
#
CC = gcc
LD = $(CC)
RM = rm -f
CFLAGS = -Wall -O2 -fomit-frame-pointer -funroll-loops
LDFLAGS = -s
LIBS = -lcrypto
all: crypt_private-test
crypt_private-test: crypt_private-test.o
$(LD) $(LDFLAGS) $(LIBS) crypt_private-test.o -o $@
crypt_private-test.o: crypt_private.c
$(CC) -c $(CFLAGS) crypt_private.c -DTEST -o $@
clean:
$(RM) crypt_private-test*

106
common/vendor/bordoni/phpass/lib/crypt_private.c vendored Normal file
View file

@ -0,0 +1,106 @@
/*
* This code exists for the sole purpose to serve as another implementation
* of the "private" password hashing method implemened in PasswordHash.php
* and thus to confirm that these password hashes are indeed calculated as
* intended.
*
* Other uses of this code are discouraged. There are much better password
* hashing algorithms available to C programmers; one of those is bcrypt:
*
* http://www.openwall.com/crypt/
*
* Written by Solar Designer <solar at openwall.com> in 2005 and placed in
* the public domain.
*
* There's absolutely no warranty.
*/
#include <string.h>
#include <openssl/md5.h>
#ifdef TEST
#include <stdio.h>
#endif
static char *itoa64 =
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
static void encode64(char *dst, char *src, int count)
{
int i, value;
i = 0;
do {
value = (unsigned char)src[i++];
*dst++ = itoa64[value & 0x3f];
if (i < count)
value |= (unsigned char)src[i] << 8;
*dst++ = itoa64[(value >> 6) & 0x3f];
if (i++ >= count)
break;
if (i < count)
value |= (unsigned char)src[i] << 16;
*dst++ = itoa64[(value >> 12) & 0x3f];
if (i++ >= count)
break;
*dst++ = itoa64[(value >> 18) & 0x3f];
} while (i < count);
}
char *crypt_private(char *password, char *setting)
{
static char output[35];
MD5_CTX ctx;
char hash[MD5_DIGEST_LENGTH];
char *p, *salt;
int count_log2, length, count;
strcpy(output, "*0");
if (!strncmp(setting, output, 2))
output[1] = '1';
if (strncmp(setting, "$P$", 3))
return output;
p = strchr(itoa64, setting[3]);
if (!p)
return output;
count_log2 = p - itoa64;
if (count_log2 < 7 || count_log2 > 30)
return output;
salt = setting + 4;
if (strlen(salt) < 8)
return output;
length = strlen(password);
MD5_Init(&ctx);
MD5_Update(&ctx, salt, 8);
MD5_Update(&ctx, password, length);
MD5_Final(hash, &ctx);
count = 1 << count_log2;
do {
MD5_Init(&ctx);
MD5_Update(&ctx, hash, MD5_DIGEST_LENGTH);
MD5_Update(&ctx, password, length);
MD5_Final(hash, &ctx);
} while (--count);
memcpy(output, setting, 12);
encode64(&output[12], hash, MD5_DIGEST_LENGTH);
return output;
}
#ifdef TEST
int main(int argc, char **argv)
{
if (argc != 3) return 1;
puts(crypt_private(argv[1], argv[2]));
return 0;
}
#endif

319
common/vendor/bordoni/phpass/src/Hautelook/Phpass/PasswordHash.php vendored Normal file
View file

@ -0,0 +1,319 @@
<?php
namespace Hautelook\Phpass;
/**
*
* Portable PHP password hashing framework.
*
* Version 0.3 / genuine.
*
* Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in
*
* There's absolutely no warranty.
*
* The homepage URL for this framework is:
*
* http://www.openwall.com/phpass/
*
* Please be sure to update the Version line if you edit this file in any way.
* It is suggested that you leave the main version number intact, but indicate
* your project name (after the slash) and add your own revision information.
*
* Please do not change the "private" password hashing method implemented in
* here, thereby making your hashes incompatible. However, if you must, please
* change the hash type identifier (the "$P$") to something different.
*
* Obviously, since this code is in the public domain, the above are not
* requirements (there can be none), but merely suggestions.
*
* @author Solar Designer <solar@openwall.com>
*/
class PasswordHash
{
private $itoa64;
private $iteration_count_log2;
private $portable_hashes;
private $random_state;
/**
* Constructor
*
* @param int $iteration_count_log2
* @param boolean $portable_hashes
*/
public function __construct($iteration_count_log2, $portable_hashes)
{
$this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31) {
$iteration_count_log2 = 8;
}
$this->iteration_count_log2 = $iteration_count_log2;
$this->portable_hashes = $portable_hashes;
$this->random_state = microtime();
if (function_exists('getmypid')) {
$this->random_state .= getmypid();
}
}
/**
* @param int $count
* @return String
*/
public function get_random_bytes($count)
{
$output = '';
if (is_callable('random_bytes')) {
return random_bytes($count);
}
if (@is_readable('/dev/urandom') &&
($fh = @fopen('/dev/urandom', 'rb'))) {
$output = fread($fh, $count);
fclose($fh);
}
if (strlen($output) < $count) {
$output = '';
for ($i = 0; $i < $count; $i += 16) {
$this->random_state =
md5(microtime() . $this->random_state);
$output .=
pack('H*', md5($this->random_state));
}
$output = substr($output, 0, $count);
}
return $output;
}
/**
* @param String $input
* @param int $count
* @return String
*/
public function encode64($input, $count)
{
$output = '';
$i = 0;
do {
$value = ord($input[$i++]);
$output .= $this->itoa64[$value & 0x3f];
if ($i < $count) {
$value |= ord($input[$i]) << 8;
}
$output .= $this->itoa64[($value >> 6) & 0x3f];
if ($i++ >= $count) {
break;
}
if ($i < $count) {
$value |= ord($input[$i]) << 16;
}
$output .= $this->itoa64[($value >> 12) & 0x3f];
if ($i++ >= $count) {
break;
}
$output .= $this->itoa64[($value >> 18) & 0x3f];
} while ($i < $count);
return $output;
}
/**
* @param String $input
* @return String
*/
public function gensalt_private($input)
{
$output = '$P$';
$output .= $this->itoa64[min($this->iteration_count_log2 +
((PHP_VERSION >= '5') ? 5 : 3), 30)];
$output .= $this->encode64($input, 6);
return $output;
}
/**
* @param String $password
* @param String $setting
* @return String
*/
public function crypt_private($password, $setting)
{
$output = '*0';
if (substr($setting, 0, 2) == $output) {
$output = '*1';
}
$id = substr($setting, 0, 3);
# We use "$P$", phpBB3 uses "$H$" for the same thing
if ($id != '$P$' && $id != '$H$') {
return $output;
}
$count_log2 = strpos($this->itoa64, $setting[3]);
if ($count_log2 < 7 || $count_log2 > 30) {
return $output;
}
$count = 1 << $count_log2;
$salt = substr($setting, 4, 8);
if (strlen($salt) != 8) {
return $output;
}
// We're kind of forced to use MD5 here since it's the only
// cryptographic primitive available in all versions of PHP
// currently in use. To implement our own low-level crypto
// in PHP would result in much worse performance and
// consequently in lower iteration counts and hashes that are
// quicker to crack (by non-PHP code).
if (PHP_VERSION >= '5') {
$hash = md5($salt . $password, TRUE);
do {
$hash = md5($hash . $password, TRUE);
} while (--$count);
} else {
$hash = pack('H*', md5($salt . $password));
do {
$hash = pack('H*', md5($hash . $password));
} while (--$count);
}
$output = substr($setting, 0, 12);
$output .= $this->encode64($hash, 16);
return $output;
}
/**
* @param String $input
* @return String
*/
public function gensalt_extended($input)
{
$count_log2 = min($this->iteration_count_log2 + 8, 24);
// This should be odd to not reveal weak DES keys, and the
// maximum valid value is (2**24 - 1) which is odd anyway.
$count = (1 << $count_log2) - 1;
$output = '_';
$output .= $this->itoa64[$count & 0x3f];
$output .= $this->itoa64[($count >> 6) & 0x3f];
$output .= $this->itoa64[($count >> 12) & 0x3f];
$output .= $this->itoa64[($count >> 18) & 0x3f];
$output .= $this->encode64($input, 3);
return $output;
}
/**
* @param String $input
* @return String
*/
public function gensalt_blowfish($input)
{
// This one needs to use a different order of characters and a
// different encoding scheme from the one in encode64() above.
// We care because the last character in our encoded string will
// only represent 2 bits. While two known implementations of
// bcrypt will happily accept and correct a salt string which
// has the 4 unused bits set to non-zero, we do not want to take
// chances and we also do not want to waste an additional byte
// of entropy.
$itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
$output = '$2a$';
$output .= chr(ord('0') + intval($this->iteration_count_log2 / 10));
$output .= chr(ord('0') + $this->iteration_count_log2 % 10);
$output .= '$';
$i = 0;
do {
$c1 = ord($input[$i++]);
$output .= $itoa64[$c1 >> 2];
$c1 = ($c1 & 0x03) << 4;
if ($i >= 16) {
$output .= $itoa64[$c1];
break;
}
$c2 = ord($input[$i++]);
$c1 |= $c2 >> 4;
$output .= $itoa64[$c1];
$c1 = ($c2 & 0x0f) << 2;
$c2 = ord($input[$i++]);
$c1 |= $c2 >> 6;
$output .= $itoa64[$c1];
$output .= $itoa64[$c2 & 0x3f];
} while (1);
return $output;
}
/**
* @param String $password
*/
public function HashPassword($password)
{
$random = '';
if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) {
$random = $this->get_random_bytes(16);
$hash =
crypt($password, $this->gensalt_blowfish($random));
if (strlen($hash) == 60) {
return $hash;
}
}
if (CRYPT_EXT_DES == 1 && !$this->portable_hashes) {
if (strlen($random) < 3) {
$random = $this->get_random_bytes(3);
}
$hash =
crypt($password, $this->gensalt_extended($random));
if (strlen($hash) == 20) {
return $hash;
}
}
if (strlen($random) < 6) {
$random = $this->get_random_bytes(6);
}
$hash =
$this->crypt_private($password,
$this->gensalt_private($random));
if (strlen($hash) == 34) {
return $hash;
}
// Returning '*' on error is safe here, but would _not_ be safe
// in a crypt(3)-like function used _both_ for generating new
// hashes and for validating passwords against existing hashes.
return '*';
}
/**
* @param String $password
* @param String $stored_hash
* @return boolean
*/
public function CheckPassword($password, $stored_hash)
{
$hash = $this->crypt_private($password, $stored_hash);
if ($hash[0] == '*') {
$hash = crypt($password, $stored_hash);
}
return $hash === $stored_hash;
}
}