1 <?php echo "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?>\n"; ?>
2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
3 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
4 <html xmlns="http://www.w3.org/1999/xhtml">
6 <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
7 <title>Password Encryption Tool</title>
9 Copyright 1999, 2000, 2001, 2002 $ThePhpWikiProgrammingTeam
11 This file is part of PhpWiki.
13 PhpWiki is free software; you can redistribute it and/or modify
14 it under the terms of the GNU General Public License as published by
15 the Free Software Foundation; either version 2 of the License, or
16 (at your option) any later version.
18 PhpWiki is distributed in the hope that it will be useful,
19 but WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 GNU General Public License for more details.
23 You should have received a copy of the GNU General Public License along
24 with PhpWiki; if not, write to the Free Software Foundation, Inc.,
25 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
29 <h1>Password Encryption Tool</h1>
32 * Seed the random number generator.
34 * better_srand() ensures the randomizer is seeded only once.
36 * How random do you want it? See:
37 * http://www.php.net/manual/en/function.srand.php
38 * http://www.php.net/manual/en/function.mt-srand.php
40 function better_srand($seed = '') {
41 static $wascalled = FALSE;
44 list($usec, $sec) = explode(" ", microtime());
46 $seed = (double) $usec * $sec;
47 else // once in a while use the combined LCG entropy
48 $seed = (double) 1000000 * substr(uniqid("", true), 13);
50 if (function_exists('mt_srand')) {
51 mt_srand($seed); // mersenne twister
59 function rand_ascii($length = 1) {
62 for ($i = 1; $i <= $length; $i++) {
63 // return only typeable 7 bit ascii, avoid quotes
64 if (function_exists('mt_rand'))
65 // the usually bad glibc srand()
66 $s .= chr(mt_rand(40, 126));
68 $s .= chr(rand(40, 126));
74 // Function to create better user passwords (much larger keyspace),
75 // suitable for user passwords.
76 // Sequence of random ASCII numbers, letters and some special chars.
77 // Note: There exist other algorithms for easy-to-remember passwords.
78 function random_good_password ($minlength = 5, $maxlength = 8) {
80 // assume ASCII ordering (not valid on EBCDIC systems!)
81 $valid_chars = "!#%&+-.0123456789=@ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz";
82 $start = ord($valid_chars);
83 $end = ord(substr($valid_chars, -1));
85 if (function_exists('mt_rand')) // mersenne twister
86 $length = mt_rand($minlength, $maxlength);
87 else // the usually bad glibc rand()
88 $length = rand($minlength, $maxlength);
90 if (function_exists('mt_rand'))
91 $newchar = mt_rand($start, $end);
93 $newchar = rand($start, $end);
94 if (! strrpos($valid_chars, $newchar) )
95 continue; // skip holes
96 $newpass .= sprintf("%c", $newchar);
102 /** PHP5 deprecated old-style globals if !(bool)ini_get('register_long_arrays').
104 * We want to work with those old ones instead of the new superglobals,
107 foreach (array('SERVER','GET','POST','ENV') as $k) {
108 if (!isset($GLOBALS['HTTP_'.$k.'_VARS']) and isset($GLOBALS['_'.$k]))
109 $GLOBALS['HTTP_'.$k.'_VARS'] =& $GLOBALS['_'.$k];
113 $posted = $GLOBALS['HTTP_POST_VARS'];
114 if (!empty($posted['create'])) {
115 $new_password = random_good_password();
116 echo "<p>The newly created random password is:<br />\n<br /> \n<tt><strong>",
117 htmlentities($new_password),"</strong></tt></p>\n";
118 $posted['password'] = $new_password;
119 $posted['password2'] = $new_password;
122 if (($posted['password'] != "")
123 && ($posted['password'] == $posted['password2'])) {
124 $password = $posted['password'];
126 * http://www.php.net/manual/en/function.crypt.php
128 // Use the maximum salt length the system can handle.
129 $salt_length = max(CRYPT_SALT_LENGTH,
133 16 * CRYPT_BLOWFISH);
134 // Generate the encrypted password.
135 $encrypted_password = crypt($password, rand_ascii($salt_length));
136 $debug = $HTTP_GET_VARS['debug'];
138 echo "The password was encrypted using a salt length of: $salt_length<br />\n";
139 echo "<p>The encrypted password is:<br />\n<br /> \n<tt><strong>",
140 htmlentities($encrypted_password),"</strong></tt></p>\n";
143 else if ($posted['password'] != "") {
144 echo "The passwords did not match. Please try again.<br />\n";
146 if (empty($REQUEST_URI))
147 $REQUEST_URI = $HTTP_ENV_VARS['REQUEST_URI'];
148 if (empty($REQUEST_URI))
149 $REQUEST_URI = $HTTP_SERVER_VARS['REQUEST_URI'];
152 <form action="<?php echo $REQUEST_URI ?>" method="post">
153 <fieldset><legend accesskey="P">Encrypt</legend>
154 Enter a password twice to encrypt it:<br />
155 <input type="password" name="password" value="" /><br />
156 <input type="password" name="password2" value="" /> <input type="submit" value="Encrypt" />
161 <fieldset><legend accesskey="C">Generate </legend>
162 Create a new random password: <input type="submit" name="create" value="Create" />