Changeset 2942064

Timestamp:

07/23/2023 11:11:41 AM (13 months ago)

Author:

ayeshrajans

Message:

Add v3.0.0

Location:

password-hash

Files:

• tags/3.0 (added)
• tags/3.0/composer.json (added)
• tags/3.0/index.php (added)
• tags/3.0/readme.txt (added)
• tags/3.0/src (added)
• tags/3.0/src/PasswordHash.php (added)
• tags/3.0/wp-php-password-hash.php (added)
• trunk/composer.json (modified) (3 diffs)
• trunk/readme.txt (modified) (7 diffs)
• trunk/src/PasswordHash.php (modified) (10 diffs)
• trunk/wp-php-password-hash.php (modified) (4 diffs)

password-hash/trunk/composer.json

@@ -8 +8 @@
     {
       "name": "Ayesh Karunaratne",
-      "email": "ayesh@ayesh.me",
-      "homepage": "https://ayesh.me"
+      "email": "ayesh@aye",
+      "homepage": "https://aye"
     }
   ],
@@ -17 +17 @@
   },
   "require": {
-    "php": ">=5.5.0",
+    "php": ">=.0",
     "composer/installers": "~1.0"
   },
@@ -24 +24 @@
       "Ayesh\\WP_PasswordHash\\": "src/"
     },
-    "files": ["wp-php-password-hash.php"]
+    "files": [
+      "wp-php-password-hash.php"
+    ]
   }
 }

password-hash/trunk/readme.txt

@@ -1 @@
-=== PHP Native password hash ===
+=== PHP Native ash ===
 Contributors: ayeshrajans
 Tags: password, password hashing, password_hash, bcrypt, argon2, argon2i, argon2id, sodium, password security, security
-Requires at least: 3.9.2
-Tested up to: 6.0
-Stable tag: 2.1
-Requires PHP: 5.5
+Requires at least: .2
+Tested up to: 6.
+Stable tag: 
+Requires PHP: 
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
@@ -22 +22 @@
 *  PHP might come up with newer password hashing algorithms, and they will be automatically supported without having to reset all the passwords.
 
-This plugin was made initially because one of our applications used Wordpress for authentication, but we needed to use an external system
-to verify the passwords directly from the database too. Since Wordpress has its own password hashing algorithm, we decided to make this plugin to address that problem.
-With this plugin, passwords generated by both Wordpress and other custom applications now use the PHP's default `password_hash()` functions without compromising any of the applications security.
+This plugin was made initially because one of our applications used Wordress for authentication, but we needed to use an external system
+to verify the passwords directly from the database too. Since Wordress has its own password hashing algorithm, we decided to make this plugin to address that problem.
+With this plugin, passwords generated by both Word security.
 
 == Installation ==
@@ -50 +50 @@
 The easiest way would be to check your database from PHPMyAdmin or any other software in its line. Check if the password
 hash field in your users table has the format `$2y$10...`. Those who have not updated their hashes will have a different
-format. However, if the plugin is unable to override the password hashing algorithm from Wordpress core, you will see a
+format. However, if the plugin is unable to override the password hashing algorithm from Wordress core, you will see a
 notification in your dashboard. If you do not see anything, you are golden.
 
@@ -60 +60 @@
 Open your `wp-config.php` file at the root of your WordPress site, and find the line that says `That's all, stop editing! Happy publishing`.
 Above this line, you can configure the hashing algorithm you want this plugin to use. Note that a wrong configuration value
-means your users will not be able to login until you fix this configuration option. It's not recommended that you set
+means your users will not be able to login until you fix this configuration option. It's not recommended that you set
 this configuration value unless you know what you are doing.
 
@@ -104 +104 @@
 
 = 1.2 =
-* This plugin now requires Wordpress minimum version 3.9.2 the least, and uses the hash_equals() function polyfill provided by Wordpress core.
+* This plugin now requires Wordress core.
 
 = 1.4 =
 * Skipped 1.3 version because a WIP Argon2i support conflicted with the bug fix (#2). Argon2i support will be added in a future release.
-* Fixes an error with password validation when the PasswordHash class from Wordpress core is not loaded. See https://github.com/Ayesh/wordpress-password-hash/pull/2
+* Fixes an error with password validation when the PasswordHash class from Wordress core is not loaded. See https://github.com/Ayesh/wordpress-password-hash/pull/2
 
 = 1.5 =
@@ -118 +118 @@
 Core functionality of the plugin is extracted to a separate class. This plugin aims to be as light-weight as possible, and this version cuts the main plugin file size to less than half the v1.x size.
 
-There is a new namespaced PasswordHash class that is more cleaner and well-structured compared to our v1 code base.
+There is a new namespaced PasswordHash class that is cleaner and well-structured compared to our v1 code base.
 
-* Fixes a bug that the hook-provided hash cost changes did not trigger a password rehash. Thanks to Steve Thomas (Sc00bz on Github).
+* Fixes a bug that the hook-provided hash cost changes did not trigger a password rehash. Thanks to Steve Thomas (Sc00bz on Gitub).
 * Adds support for Argon2I, Argon2ID and any future hashing algorithms PHP will introduce. See the updated FAQ item on how to use the new hashing algorithms.
 * Removed a helper function used to trigger an admin warning if the plugin cannot properly work. The notices are now shown with help of lambda functions (which further reduces the code bloat and load).
@@ -127 +127 @@
 * Adds support for "WP_PASSWORD_HASH_OPTIONS" configuration option that can be set in `wp-config.php` to configure password hashing options.
 * Update WordPress core "Tested up to" field to WordPress 5.6.
+
+
+
+
+
+

password-hash/trunk/src/PasswordHash.php

@@ -3 +3 @@
 namespace Ayesh\WP_PasswordHash;
 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 final class PasswordHash {
-    private $algorithm = \PASSWORD_DEFAULT;
+    private $algorithm = PASSWORD_DEFAULT;
     private $algorithm_options = [];
     private $wpdb;
     const TEXT_DOMAIN = 'password-hash';
 
-    public function __construct(\wpdb $wpdb) {
+    public function __construct(wpdb $wpdb) {
         $this->wpdb = $wpdb;
         $this->initializePasswordConfig();
@@ -15 +36 @@
 
     private function initializePasswordConfig() {
-        if (\defined('WP_PASSWORD_HASH_ALGO')) {
-            $this->algorithm = \WP_PASSWORD_HASH_ALGO;
+        if (defined('WP_PASSWORD_HASH_ALGO')) {
+            $this->algorithm = WP_PASSWORD_HASH_ALGO;
 
-            if (\defined('WP_PASSWORD_HASH_OPTIONS') && is_array(\WP_PASSWORD_HASH_OPTIONS)) {
-                $this->algorithm_options = \WP_PASSWORD_HASH_OPTIONS;
+            if (WP_PASSWORD_HASH_OPTIONS)) {
+                $this->algorithm_options = WP_PASSWORD_HASH_OPTIONS;
             }
-            $this->algorithm_options = \apply_filters( 'wp_php_password_hash_options', $this->algorithm_options );
+            $this->algorithm_options = apply_filters( 'wp_php_password_hash_options', $this->algorithm_options );
         }
     }
@@ -27 +48 @@
     public static function setAdminWarning($message) {
         $message = __($message, self::TEXT_DOMAIN);
-        \add_action( 'admin_notices', static function () use ($message) {
+        add_action( 'admin_notices', static function () use ($message) {
                 print "<div class='notice notice-error'><p>{$message}</p></div>";
             }
@@ -48 +69 @@
      *
      */
-    public function checkPassword($password, $hash, $user_id = '') {
+    public function checkPassword($password, $hash, $user_id = '') {
         // Check if the hash uses Password API.
-        $info = \password_get_info($hash);
+        $info = password_get_info($hash);
         if (!empty($info['algo'])) {
             return $this->checkPasswordNative($password, $hash, $user_id);
@@ -56 +77 @@
 
         // Is it god forbid MD5?
-        if ( \strlen($hash) <= 32 ) {
+        if ( strlen($hash) <= 32 ) {
             return $this->checkPasswordMD5($password, $hash, $user_id);
         }
@@ -71 +92 @@
      */
     public function getHash($password) {
-        return \password_hash($password, $this->algorithm, $this->algorithm_options);
+        return password_hash($password, $this->algorithm, $this->algorithm_options);
     }
 
@@ -87 +108 @@
         $this->wpdb->update($this->wpdb->users, $fields, $conditions);
 
-        \wp_cache_delete( $user_id, 'users' );
+        wp_cache_delete( $user_id, 'users' );
 
         return $hash;
@@ -93 +114 @@
 
     private function checkPasswordNative($password, $hash, $user_id = '') {
-        $check = \password_verify($password, $hash);
-        $rehash = \password_needs_rehash($hash, $this->algorithm, $this->algorithm_options);
+        $check = password_verify($password, $hash);
+        $rehash = password_needs_rehash($hash, $this->algorithm, $this->algorithm_options);
         return $this->processPasswordCheck($check, $password, $hash, $user_id, $rehash);
     }
 
     private function checkPasswordMD5($password, $hash, $user_id = '') {
-        $check = \hash_equals( $hash, \md5( $password ) );
+        $check = md5( $password ) );
         return $this->processPasswordCheck($check, $password, $hash, $user_id);
     }
@@ -107 +128 @@
 
         if ( empty($wp_hasher) ) {
-            if( !\class_exists('PasswordHash') ) {
+            if( !class_exists('PasswordHash') ) {
                 require_once ABSPATH . WPINC . '/class-phpass.php';
             }
@@ -122 +143 @@
         }
 
-        return \apply_filters( 'check_password', $check, $password, $hash, $user_id );
+        return apply_filters( 'check_password', $check, $password, $hash, $user_id );
     }
 }

password-hash/trunk/wp-php-password-hash.php

@@ -1 +1 @@
 <?php
 /**
- * Plugin Name: PHP native password hash
- * Version:     2.1
+ * Plugin Name: PHP ash
+ * Version:     
  * Description: Swaps out WordPress's password hashing mechanism with PHP 5.5's `password_hash()` functions set, and automatically rehashes the existing passwords on users next successful login. Provides safety against dictionary attacks, time-attacks, brute-force attacks.
  * Licence:     GPLv2 or later
  * Author:      Ayesh Karunaratne
- * Author URI:  https://ayesh.me/open-source
+ * Author URI:  https://aye/open-source
  */
+
+
 
 if ( function_exists( 'wp_hash_password' ) ) {
@@ -20 +22 @@
  * @return \Ayesh\WP_PasswordHash\PasswordHash
  */
-function wp_password_hash_include() {
+function wp_password_hash_include() {
     static $hasher;
     require_once __DIR__ . '/src/PasswordHash.php';
     if ( ! $hasher ) {
         global $wpdb;
-        $hasher = new \Ayesh\WP_PasswordHash\PasswordHash( $wpdb );
+        $hasher = new PasswordHash( $wpdb );
     }
 
@@ -34 +36 @@
  * The function calls below override the WordPress-provided functions.
  *
- * All of the plugin functionality is contained in @see
+ * All the plugin functionality is contained in @see
  * \Ayesh\WP_PasswordHash\PasswordHash class. Check the called proxy method for
  * further documentation.
@@ -41 +43 @@
 if ( ! function_exists( 'wp_hash_password' ) && function_exists( 'password_hash' ) ) :
 
-    function wp_check_password( $password, $hash, $user_id = '' ) {
-        $hasher = wp_password_hash_include();
-        return $hasher->checkPassword( $password, $hash, $user_id );
+    function wp_check_password( $password, $hash, $user_id = '' ): bool {
+        return wp_password_hash_include()->checkPassword( $password, $hash, $user_id );
     }
 
     function wp_hash_password( $password ) {
-        $hasher = wp_password_hash_include();
-        return $hasher->getHash( $password );
+        return wp_password_hash_include()->getHash( $password );
     }
 
     function wp_set_password( $password, $user_id ) {
-        $hasher = wp_password_hash_include();
-        return $hasher->updateHash( $password, $user_id );
+        return wp_password_hash_include()->updateHash( $password, $user_id );
     }