diff options
| author | Robin Appelman <icewind@owncloud.com> | 2012-02-26 13:49:51 +0100 |
|---|---|---|
| committer | Robin Appelman <icewind@owncloud.com> | 2012-02-26 14:12:50 +0100 |
| commit | 62cd89da14608f4b390c42fe732130ffe8a432fc (patch) | |
| tree | dd6b38bdc0501453502084a448961f820f69394b /3rdparty/phpass/test.php | |
| parent | 89865cb8a0ca668f628e6e3e6a43bca7e72eab63 (diff) | |
| download | nextcloud-server-62cd89da14608f4b390c42fe732130ffe8a432fc.tar.gz nextcloud-server-62cd89da14608f4b390c42fe732130ffe8a432fc.zip | |
improved password hashing based one phpass
old passwords are automatically upgraded on login
Diffstat (limited to '3rdparty/phpass/test.php')
| -rw-r--r-- | 3rdparty/phpass/test.php | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/3rdparty/phpass/test.php b/3rdparty/phpass/test.php new file mode 100644 index 00000000000..2f4a41c8c31 --- /dev/null +++ b/3rdparty/phpass/test.php @@ -0,0 +1,72 @@ +<?php +# +# This is a test program for the portable PHP password hashing framework. +# +# Written by Solar Designer and placed in the public domain. +# See PasswordHash.php for more information. +# + +require 'PasswordHash.php'; + +header('Content-type: text/plain'); + +$ok = 0; + +# Try to use stronger but system-specific hashes, with a possible fallback to +# the weaker portable hashes. +$t_hasher = new PasswordHash(8, FALSE); + +$correct = 'test12345'; +$hash = $t_hasher->HashPassword($correct); + +print 'Hash: ' . $hash . "\n"; + +$check = $t_hasher->CheckPassword($correct, $hash); +if ($check) $ok++; +print "Check correct: '" . $check . "' (should be '1')\n"; + +$wrong = 'test12346'; +$check = $t_hasher->CheckPassword($wrong, $hash); +if (!$check) $ok++; +print "Check wrong: '" . $check . "' (should be '0' or '')\n"; + +unset($t_hasher); + +# Force the use of weaker portable hashes. +$t_hasher = new PasswordHash(8, TRUE); + +$hash = $t_hasher->HashPassword($correct); + +print 'Hash: ' . $hash . "\n"; + +$check = $t_hasher->CheckPassword($correct, $hash); +if ($check) $ok++; +print "Check correct: '" . $check . "' (should be '1')\n"; + +$check = $t_hasher->CheckPassword($wrong, $hash); +if (!$check) $ok++; +print "Check wrong: '" . $check . "' (should be '0' or '')\n"; + +# A correct portable hash for 'test12345'. +# Please note the use of single quotes to ensure that the dollar signs will +# be interpreted literally. Of course, a real application making use of the +# framework won't store password hashes within a PHP source file anyway. +# We only do this for testing. +$hash = '$P$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0'; + +print 'Hash: ' . $hash . "\n"; + +$check = $t_hasher->CheckPassword($correct, $hash); +if ($check) $ok++; +print "Check correct: '" . $check . "' (should be '1')\n"; + +$check = $t_hasher->CheckPassword($wrong, $hash); +if (!$check) $ok++; +print "Check wrong: '" . $check . "' (should be '0' or '')\n"; + +if ($ok == 6) + print "All tests have PASSED\n"; +else + print "Some tests have FAILED\n"; + +?> |