Search moodle.org's
Developer Documentation
Developer Documentation
- Bug fixes for general core bugs in 3.11.x will end 14 Nov 2022 (12 months plus 6 months extension).
- Bug fixes for security issues in 3.11.x will end 13 Nov 2023 (18 months plus 12 months extension).
- PHP version: minimum PHP 7.3.0 Note: minimum PHP version has increased since Moodle 3.10. PHP 7.4.x is supported too.
<?php namespace PhpOffice\PhpSpreadsheet\Shared;> use PhpOffice\PhpSpreadsheet\Exception; class PasswordHasher > use PhpOffice\PhpSpreadsheet\Worksheet\Protection; { >/**> * Get algorithm name for PHP. * Create a password hash from a given string. > */ * > private static function getAlgorithm(string $algorithmName): string * This method is based on the algorithm provided by > { * Daniel Rentz of OpenOffice and the PEAR package > if (!$algorithmName) { * Spreadsheet_Excel_Writer by Xavier Noguer <xnoguer@rezebra.com>. > return ''; * > } * @param string $pPassword Password to hash > * > // Mapping between algorithm name in Excel and algorithm name in PHP * @return string Hashed password > $mapping = [ */ > Protection::ALGORITHM_MD2 => 'md2', public static function hashPassword($pPassword) > Protection::ALGORITHM_MD4 => 'md4', { > Protection::ALGORITHM_MD5 => 'md5', $password = 0x0000; > Protection::ALGORITHM_SHA_1 => 'sha1', $charPos = 1; // char position > Protection::ALGORITHM_SHA_256 => 'sha256', > Protection::ALGORITHM_SHA_384 => 'sha384', // split the plain text password in its component characters > Protection::ALGORITHM_SHA_512 => 'sha512', $chars = preg_split('//', $pPassword, -1, PREG_SPLIT_NO_EMPTY); > Protection::ALGORITHM_RIPEMD_128 => 'ripemd128', foreach ($chars as $char) { > Protection::ALGORITHM_RIPEMD_160 => 'ripemd160', $value = ord($char) << $charPos++; // shifted ASCII value > Protection::ALGORITHM_WHIRLPOOL => 'whirlpool', $rotated_bits = $value >> 15; // rotated bits beyond bit 15 > ]; $value &= 0x7fff; // first 15 bits > $password ^= ($value | $rotated_bits); > if (array_key_exists($algorithmName, $mapping)) { } > return $mapping[$algorithmName]; > } $password ^= strlen($pPassword); > $password ^= 0xCE4B; > throw new Exception('Unsupported password algorithm: ' . $algorithmName); > } return strtoupper(dechex($password)); > } > /**< * < * @return string Hashed password< public static function hashPassword($pPassword)> private static function defaultHashPassword(string $pPassword): string> } > > /** > * Create a password hash from a given string by a specific algorithm. > * > * 2.4.2.4 ISO Write Protection Method > * > * @see https://docs.microsoft.com/en-us/openspecs/office_file_formats/ms-offcrypto/1357ea58-646e-4483-92ef-95d718079d6f > * > * @param string $password Password to hash > * @param string $algorithm Hash algorithm used to compute the password hash value > * @param string $salt Pseudorandom string > * @param int $spinCount Number of times to iterate on a hash of a password > * > * @return string Hashed password > */ > public static function hashPassword(string $password, string $algorithm = '', string $salt = '', int $spinCount = 10000): string > { > $phpAlgorithm = self::getAlgorithm($algorithm); > if (!$phpAlgorithm) { > return self::defaultHashPassword($password); > } > > $saltValue = base64_decode($salt); > $encodedPassword = mb_convert_encoding($password, 'UCS-2LE', 'UTF-8'); > > $hashValue = hash($phpAlgorithm, $saltValue . $encodedPassword, true); > for ($i = 0; $i < $spinCount; ++$i) { > $hashValue = hash($phpAlgorithm, $hashValue . pack('L', $i), true); > } > > return base64_encode($hashValue);
