asda?‰PNG  IHDR ? f ??C1 sRGB ??é gAMA ±? üa pHYs ? ??o¨d GIDATx^íüL”÷e÷Y?a?("Bh?_ò???¢§?q5k?*:t0A-o??¥]VkJ¢M??f?±8\k2íll£1]q?ù???T var/softaculous/ninja4/update_pass.php000064400000001035151027213460014107 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/wp/update_pass.php000064400000001132151027221250013344 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $password_to_hash = base64_encode( hash_hmac( 'sha384', '[[admin_pass]]', 'wp-sha384', true ) ); $resp = password_hash($password_to_hash, PASSWORD_BCRYPT); echo ''.'$wp' . $resp.''; ?>var/softaculous/faveo/update_pass.php000064400000000761151027222020014021 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); echo ''.$resp.''; ?>var/softaculous/wacart/update_pass.php000064400000001005151027225470014206 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); } $resp = password_hash('[[admin_pass]]', PASSWORD_BCRYPT, array('cost' => 13)); echo ''.$resp.''; ?>var/softaculous/redax/update_pass.php000064400000000442151027225550014033 0ustar00'.$resp.''; } /* else { $resp = hash('sha512', '[[admin_pass]]'); echo ''.$resp.''; } */ @unlink('update_pass.php'); ?>var/softaculous/buggenie/update_pass.php000064400000000162151027225550014514 0ustar00'.$resp.''; ?>var/softaculous/tiki10/update_pass.php000064400000001026151027227540014031 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } if(!defined('PASSWORD_DEFAULT')){ define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); } $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); echo ''.$resp.''; ?>var/softaculous/tiki/update_pass.php000064400000001026151027234660013671 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } if(!defined('PASSWORD_DEFAULT')){ define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); } $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); echo ''.$resp.''; ?>var/softaculous/jamroom/update_pass.php000064400000015362151027234700014400 0ustar00 in 2004-2006 and placed in # the public domain. Revised in subsequent years, still public domain. # # There's absolutely no warranty. # # The homepage URL for this framework is: # # http://www.openwall.com/phpass/ # # Please be sure to update the Version line if you edit this file in any way. # It is suggested that you leave the main version number intact, but indicate # your project name (after the slash) and add your own revision information. # # Please do not change the "private" password hashing method implemented in # here, thereby making your hashes incompatible. However, if you must, please # change the hash type identifier (the "$P$") to something different. # # Obviously, since this code is in the public domain, the above are not # requirements (there can be none), but merely suggestions. # class PasswordHash { var $itoa64; var $iteration_count_log2; var $portable_hashes; var $random_state; function PasswordHash($iteration_count_log2, $portable_hashes) { $this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31) $iteration_count_log2 = 8; $this->iteration_count_log2 = $iteration_count_log2; $this->portable_hashes = $portable_hashes; $this->random_state = microtime(); if (function_exists('getmypid')) $this->random_state .= getmypid(); } function get_random_bytes($count) { $output = ''; if (strlen($output) < $count) { $output = ''; for ($i = 0; $i < $count; $i += 16) { $this->random_state = md5(microtime() . $this->random_state); $output .= pack('H*', md5($this->random_state)); } $output = substr($output, 0, $count); } return $output; } function encode64($input, $count) { $output = ''; $i = 0; do { $value = ord($input[$i++]); $output .= $this->itoa64[$value & 0x3f]; if ($i < $count) $value |= ord($input[$i]) << 8; $output .= $this->itoa64[($value >> 6) & 0x3f]; if ($i++ >= $count) break; if ($i < $count) $value |= ord($input[$i]) << 16; $output .= $this->itoa64[($value >> 12) & 0x3f]; if ($i++ >= $count) break; $output .= $this->itoa64[($value >> 18) & 0x3f]; } while ($i < $count); return $output; } function gensalt_private($input) { $output = '$P$'; $output .= $this->itoa64[min($this->iteration_count_log2 + ((PHP_VERSION >= '5') ? 5 : 3), 30)]; $output .= $this->encode64($input, 6); return $output; } function crypt_private($password, $setting) { $output = '*0'; if (substr($setting, 0, 2) == $output) $output = '*1'; $id = substr($setting, 0, 3); # We use "$P$", phpBB3 uses "$H$" for the same thing if ($id != '$P$' && $id != '$H$') return $output; $count_log2 = strpos($this->itoa64, $setting[3]); if ($count_log2 < 7 || $count_log2 > 30) return $output; $count = 1 << $count_log2; $salt = substr($setting, 4, 8); if (strlen($salt) != 8) return $output; # We're kind of forced to use MD5 here since it's the only # cryptographic primitive available in all versions of PHP # currently in use. To implement our own low-level crypto # in PHP would result in much worse performance and # consequently in lower iteration counts and hashes that are # quicker to crack (by non-PHP code). if (PHP_VERSION >= '5') { $hash = md5($salt . $password, TRUE); do { $hash = md5($hash . $password, TRUE); } while (--$count); } else { $hash = pack('H*', md5($salt . $password)); do { $hash = pack('H*', md5($hash . $password)); } while (--$count); } $output = substr($setting, 0, 12); $output .= $this->encode64($hash, 16); return $output; } function gensalt_extended($input) { $count_log2 = min($this->iteration_count_log2 + 8, 24); # This should be odd to not reveal weak DES keys, and the # maximum valid value is (2**24 - 1) which is odd anyway. $count = (1 << $count_log2) - 1; $output = '_'; $output .= $this->itoa64[$count & 0x3f]; $output .= $this->itoa64[($count >> 6) & 0x3f]; $output .= $this->itoa64[($count >> 12) & 0x3f]; $output .= $this->itoa64[($count >> 18) & 0x3f]; $output .= $this->encode64($input, 3); return $output; } function gensalt_blowfish($input) { # This one needs to use a different order of characters and a # different encoding scheme from the one in encode64() above. # We care because the last character in our encoded string will # only represent 2 bits. While two known implementations of # bcrypt will happily accept and correct a salt string which # has the 4 unused bits set to non-zero, we do not want to take # chances and we also do not want to waste an additional byte # of entropy. $itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; $output = '$2a$'; $output .= chr(ord('0') + $this->iteration_count_log2 / 10); $output .= chr(ord('0') + $this->iteration_count_log2 % 10); $output .= '$'; $i = 0; do { $c1 = ord($input[$i++]); $output .= $itoa64[$c1 >> 2]; $c1 = ($c1 & 0x03) << 4; if ($i >= 16) { $output .= $itoa64[$c1]; break; } $c2 = ord($input[$i++]); $c1 |= $c2 >> 4; $output .= $itoa64[$c1]; $c1 = ($c2 & 0x0f) << 2; $c2 = ord($input[$i++]); $c1 |= $c2 >> 6; $output .= $itoa64[$c1]; $output .= $itoa64[$c2 & 0x3f]; } while (1); return $output; } function HashPassword($password) { $random = ''; if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) { $random = $this->get_random_bytes(16); $hash = crypt($password, $this->gensalt_blowfish($random)); if (strlen($hash) == 60) return $hash; } if (CRYPT_EXT_DES == 1 && !$this->portable_hashes) { if (strlen($random) < 3) $random = $this->get_random_bytes(3); $hash = crypt($password, $this->gensalt_extended($random)); if (strlen($hash) == 20) return $hash; } if (strlen($random) < 6) $random = $this->get_random_bytes(6); $hash = $this->crypt_private($password, $this->gensalt_private($random)); if (strlen($hash) == 34) return $hash; # Returning '*' on error is safe here, but would _not_ be safe # in a crypt(3)-like function used _both_ for generating new # hashes and for validating passwords against existing hashes. return '*'; } function CheckPassword($password, $stored_hash) { $hash = $this->crypt_private($password, $stored_hash); if ($hash[0] == '*') $hash = crypt($password, $stored_hash); return $hash == $stored_hash; } } $jr_hasher = new PasswordHash(12, false); $resp = $jr_hasher->HashPassword('[[admin_pass]]'); echo ''.$resp.''; // We do not need this file any more @unlink('update_pass.php'); ?>var/softaculous/podcast/update_pass.php000064400000001035151027234700014361 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/blesta4/update_pass.php000064400000001010151027234760014261 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[system_hash]]', PASSWORD_DEFAULT, array("cost" => 12)); echo ''.$resp.''; ?>var/softaculous/ostic17/update_pass.php000064400000015047151027235010014220 0ustar00'.$resp.''; class PasswordHash { var $itoa64; var $iteration_count_log2; var $portable_hashes; var $random_state; function __construct($iteration_count_log2, $portable_hashes) { $this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31) $iteration_count_log2 = 8; $this->iteration_count_log2 = $iteration_count_log2; $this->portable_hashes = $portable_hashes; $this->random_state = microtime(); if (function_exists('getmypid')) $this->random_state .= getmypid(); } function get_random_bytes($count) { $output = ''; if (@is_readable('/dev/urandom') && ($fh = @fopen('/dev/urandom', 'rb'))) { $output = fread($fh, $count); fclose($fh); } if (strlen($output) < $count) { $output = ''; for ($i = 0; $i < $count; $i += 16) { $this->random_state = md5(microtime() . $this->random_state); $output .= pack('H*', md5($this->random_state)); } $output = substr($output, 0, $count); } return $output; } function encode64($input, $count) { $output = ''; $i = 0; do { $value = ord($input[$i++]); $output .= $this->itoa64[$value & 0x3f]; if ($i < $count) $value |= ord($input[$i]) << 8; $output .= $this->itoa64[($value >> 6) & 0x3f]; if ($i++ >= $count) break; if ($i < $count) $value |= ord($input[$i]) << 16; $output .= $this->itoa64[($value >> 12) & 0x3f]; if ($i++ >= $count) break; $output .= $this->itoa64[($value >> 18) & 0x3f]; } while ($i < $count); return $output; } function gensalt_private($input) { $output = '$P$'; $output .= $this->itoa64[min($this->iteration_count_log2 + ((PHP_VERSION >= '5') ? 5 : 3), 30)]; $output .= $this->encode64($input, 6); return $output; } function crypt_private($password, $setting) { $output = '*0'; if (substr($setting, 0, 2) == $output) $output = '*1'; $id = substr($setting, 0, 3); # We use "$P$", phpBB3 uses "$H$" for the same thing if ($id != '$P$' && $id != '$H$') return $output; $count_log2 = strpos($this->itoa64, $setting[3]); if ($count_log2 < 7 || $count_log2 > 30) return $output; $count = 1 << $count_log2; $salt = substr($setting, 4, 8); if (strlen($salt) != 8) return $output; # We're kind of forced to use MD5 here since it's the only # cryptographic primitive available in all versions of PHP # currently in use. To implement our own low-level crypto # in PHP would result in much worse performance and # consequently in lower iteration counts and hashes that are # quicker to crack (by non-PHP code). if (PHP_VERSION >= '5') { $hash = md5($salt . $password, TRUE); do { $hash = md5($hash . $password, TRUE); } while (--$count); } else { $hash = pack('H*', md5($salt . $password)); do { $hash = pack('H*', md5($hash . $password)); } while (--$count); } $output = substr($setting, 0, 12); $output .= $this->encode64($hash, 16); return $output; } function gensalt_extended($input) { $count_log2 = min($this->iteration_count_log2 + 8, 24); # This should be odd to not reveal weak DES keys, and the # maximum valid value is (2**24 - 1) which is odd anyway. $count = (1 << $count_log2) - 1; $output = '_'; $output .= $this->itoa64[$count & 0x3f]; $output .= $this->itoa64[($count >> 6) & 0x3f]; $output .= $this->itoa64[($count >> 12) & 0x3f]; $output .= $this->itoa64[($count >> 18) & 0x3f]; $output .= $this->encode64($input, 3); return $output; } function gensalt_blowfish($input) { # This one needs to use a different order of characters and a # different encoding scheme from the one in encode64() above. # We care because the last character in our encoded string will # only represent 2 bits. While two known implementations of # bcrypt will happily accept and correct a salt string which # has the 4 unused bits set to non-zero, we do not want to take # chances and we also do not want to waste an additional byte # of entropy. $itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; $output = '$2a$'; $output .= chr(ord('0') + $this->iteration_count_log2 / 10); $output .= chr(ord('0') + $this->iteration_count_log2 % 10); $output .= '$'; $i = 0; do { $c1 = ord($input[$i++]); $output .= $itoa64[$c1 >> 2]; $c1 = ($c1 & 0x03) << 4; if ($i >= 16) { $output .= $itoa64[$c1]; break; } $c2 = ord($input[$i++]); $c1 |= $c2 >> 4; $output .= $itoa64[$c1]; $c1 = ($c2 & 0x0f) << 2; $c2 = ord($input[$i++]); $c1 |= $c2 >> 6; $output .= $itoa64[$c1]; $output .= $itoa64[$c2 & 0x3f]; } while (1); return $output; } function HashPassword($password) { $random = ''; if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) { $random = $this->get_random_bytes(16); $hash = crypt($password, $this->gensalt_blowfish($random)); if (strlen($hash) == 60) return $hash; } if (CRYPT_EXT_DES == 1 && !$this->portable_hashes) { if (strlen($random) < 3) $random = $this->get_random_bytes(3); $hash = crypt($password, $this->gensalt_extended($random)); if (strlen($hash) == 20) return $hash; } if (strlen($random) < 6) $random = $this->get_random_bytes(6); $hash = $this->crypt_private($password, $this->gensalt_private($random)); if (strlen($hash) == 34) return $hash; # Returning '*' on error is safe here, but would _not_ be safe # in a crypt(3)-like function used _both_ for generating new # hashes and for validating passwords against existing hashes. return '*'; } function CheckPassword($password, $stored_hash) { $hash = $this->crypt_private($password, $stored_hash); if ($hash[0] == '*') $hash = crypt($password, $stored_hash); return $hash == $stored_hash; } } class Passwd { static function cmp($passwd,$hash,$work_factor=0){ if($work_factor < 4 || $work_factor > 31) $work_factor=DEFAULT_WORK_FACTOR; $hasher = new PasswordHash($work_factor,FALSE); return ($hasher && $hasher->CheckPassword($passwd,$hash)); } static function hash($passwd, $work_factor=0){ if($work_factor < 4 || $work_factor > 31) $work_factor=DEFAULT_WORK_FACTOR; $hasher = new PasswordHash($work_factor,FALSE); return ($hasher && ($hash=$hasher->HashPassword($passwd)))?$hash:null; } } ?>var/softaculous/goffice62/update_pass.php000064400000000761151027235570014511 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); echo ''.$resp.''; ?>var/softaculous/grav/update_pass.php000064400000001035151027235670013672 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/omeka/update_pass.php000064400000001035151027235720014023 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/dolibarr/update_pass.php000064400000000224151027235740014526 0ustar00' . $pass . ''; @unlink('update_pass.php'); ?>var/softaculous/chevereto/update_pass.php000064400000001025151027236200014704 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } if(!defined('PASSWORD_DEFAULT')){ define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); } $resp = password_hash('[[admin_pass]]', PASSWORD_BCRYPT); echo ''.$resp.''; ?>var/softaculous/croogo/update_pass.php000064400000000774151027236620014230 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); } $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT, array()); echo ''.$resp1.''; ?>var/softaculous/kanboard/update_pass.php000064400000000760151027237010014506 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); } $resp = password_hash('[[admin_pass]]', PASSWORD_BCRYPT); echo ''.$resp.''; ?>var/softaculous/schlix/update_pass.php000064400000000400151027237210014210 0ustar00'.$resp.''; ?>var/softaculous/vision/update_pass.php000064400000000174151027237360014243 0ustar00var/softaculous/flatboard/update_pass.php000064400000000761151027237400014667 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); } $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); echo ''.$resp.''; ?>var/softaculous/xmb/update_pass.php000064400000000761151027237550013525 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); echo ''.$resp.''; ?>var/softaculous/mautic/update_pass.php000064400000000760151027240140014205 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); } $resp = password_hash('[[admin_pass]]', PASSWORD_BCRYPT); echo ''.$resp.''; ?>var/softaculous/mahara/update_pass.php000064400000002360151027240650014160 0ustar00'.$resp.''; function __encrypt_password($password, $salt='', $alg='$6$', $sitesalt='') { if ($salt == '') { $salt = substr(md5(rand(1000000, 9999999)), 2, 8); } if ($alg == '$6$') { // $6$ is the identifier for the SHA512 algorithm // Return a hash which is sha512(originalHash, salt), where original is sha1(salt + password) $password = sha1($salt . $password); // Generate a salt based on a supplied salt and the passwordsaltmain $fullsalt = substr(md5($sitesalt . $salt), 0, 16); // SHA512 expects 16 chars of salt } else { // This is most likely bcrypt $2a$, but any other algorithm can take up to 22 chars of salt // Generate a salt based on a supplied salt and the passwordsaltmain $fullsalt = substr(md5($sitesalt . $salt), 0, 22); // bcrypt expects 22 chars of salt } $hash = crypt($password, $alg . $fullsalt); // Strip out the computed salt // We strip out the salt hide the computed salt (in case the sitesalt was used which isn't in the database) $hash = substr($hash, 0, strlen($alg)) . substr($hash, strlen($alg)+strlen($fullsalt)); return $hash; } @unlink('update_pass.php'); ?> var/softaculous/miniflux/update_pass.php000064400000000761151027241640014565 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); echo ''.$resp.''; ?>var/softaculous/atlantis/update_pass.php000064400000001035151027252440014544 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/goffice67/update_pass.php000064400000000761151027370570014516 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); echo ''.$resp.''; ?>var/softaculous/glpi/update_pass.php000064400000000761151027377040013671 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); echo ''.$resp.''; ?>var/softaculous/admidio/update_pass.php000064400000004022151027377120014335 0ustar00 10); $gPasswordHashAlgorithm = 'DEFAULT'; define('HASH_ALGORITHM_DEFAULT','DEFAULT'); define('HASH_ALGORITHM_ARGON2ID','ARGON2ID'); define('HASH_ALGORITHM_ARGON2I','ARGON2I'); define('HASH_ALGORITHM_BCRYPT','BCRYPT'); define('HASH_ALGORITHM_SHA512','SHA512'); define('HASH_INDICATOR_SHA512','$6$'); define('HASH_COST_SHA512_DEFAULT',100000); define('HASH_COST_SHA512_MIN',25000); define('HASH_COST_BCRYPT_DEFAULT',PASSWORD_BCRYPT_DEFAULT_COST); define('HASH_COST_BCRYPT_MIN',8); function __hash($password, $algorithm = HASH_ALGORITHM_DEFAULT, array $options = array()) { $options = __getPreparedOptions($algorithm, $options); switch ($algorithm) { case HASH_ALGORITHM_DEFAULT: $algorithmPhpConstant = PASSWORD_DEFAULT; break; case HASH_ALGORITHM_ARGON2ID: $algorithmPhpConstant = PASSWORD_ARGON2ID; break; case HASH_ALGORITHM_ARGON2I: $algorithmPhpConstant = PASSWORD_ARGON2I; break; case HASH_ALGORITHM_BCRYPT: $algorithmPhpConstant = PASSWORD_BCRYPT; break; case HASH_ALGORITHM_DEFAULT: $algorithmPhpConstant = PASSWORD_DEFAULT; break; case HASH_ALGORITHM_SHA512: $salt = '[[salt]]'; return crypt($password, HASH_INDICATOR_SHA512 . 'rounds=' . $options['cost'] . '$' . $salt . '$'); default: $algorithmPhpConstant = PASSWORD_DEFAULT; } return password_hash($password, $algorithmPhpConstant, $options); } function __getPreparedOptions($algorithm, array $options) { if ($algorithm === HASH_ALGORITHM_SHA512) { $defaultCost = HASH_COST_SHA512_DEFAULT; $minCost = HASH_COST_SHA512_MIN; } elseif ($algorithm === HASH_ALGORITHM_BCRYPT || ($algorithm === HASH_ALGORITHM_DEFAULT && PASSWORD_DEFAULT === PASSWORD_BCRYPT)) { $defaultCost = HASH_COST_BCRYPT_DEFAULT; $minCost = HASH_COST_BCRYPT_MIN; } else { $options['cost'] = null; return $options; } $options = array('cost' => 10); return $options; } $resp = __hash('[[admin_pass]]', $gPasswordHashAlgorithm, $options); echo ''.$resp.''; ?>var/softaculous/cftp/update_pass.php000064400000001005151027377150013664 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT, array('cost' => 8)); echo ''.$resp.''; ?>var/softaculous/conc/update_pass.php000064400000015741151027377170013670 0ustar00 in 2004-2006 and placed in # the public domain. Revised in subsequent years, still public domain. # if(!defined('PASSWORD_HASH_PORTABLE')) { define('PASSWORD_HASH_PORTABLE', false); } // The higher this is the longer it will take to create password hashes, to check them, and to crack them. if(!defined('PASSWORD_HASH_COST_LOG2')) { define('PASSWORD_HASH_COST_LOG2', 12); } $hasher = new PasswordHash(PASSWORD_HASH_COST_LOG2, PASSWORD_HASH_PORTABLE); $resp = $hasher->HashPassword('[[admin_pass]]'); echo ''.$resp.''; # There's absolutely no warranty. # # The homepage URL for this framework is: # # http://www.openwall.com/phpass/ # # Please be sure to update the Version line if you edit this file in any way. # It is suggested that you leave the main version number intact, but indicate # your project name (after the slash) and add your own revision information. # # Please do not change the "private" password hashing method implemented in # here, thereby making your hashes incompatible. However, if you must, please # change the hash type identifier (the "$P$") to something different. # # Obviously, since this code is in the public domain, the above are not # requirements (there can be none), but merely suggestions. # class PasswordHash { var $itoa64; var $iteration_count_log2; var $portable_hashes; var $random_state; function PasswordHash($iteration_count_log2, $portable_hashes) { $this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31) $iteration_count_log2 = 8; $this->iteration_count_log2 = $iteration_count_log2; $this->portable_hashes = $portable_hashes; $this->random_state = microtime(); if (function_exists('getmypid')) $this->random_state .= getmypid(); } function get_random_bytes($count) { $output = ''; if (@is_readable('/dev/urandom') && ($fh = @fopen('/dev/urandom', 'rb'))) { $output = fread($fh, $count); fclose($fh); } if (strlen($output) < $count) { $output = ''; for ($i = 0; $i < $count; $i += 16) { $this->random_state = md5(microtime() . $this->random_state); $output .= pack('H*', md5($this->random_state)); } $output = substr($output, 0, $count); } return $output; } function encode64($input, $count) { $output = ''; $i = 0; do { $value = ord($input[$i++]); $output .= $this->itoa64[$value & 0x3f]; if ($i < $count) $value |= ord($input[$i]) << 8; $output .= $this->itoa64[($value >> 6) & 0x3f]; if ($i++ >= $count) break; if ($i < $count) $value |= ord($input[$i]) << 16; $output .= $this->itoa64[($value >> 12) & 0x3f]; if ($i++ >= $count) break; $output .= $this->itoa64[($value >> 18) & 0x3f]; } while ($i < $count); return $output; } function gensalt_private($input) { $output = '$P$'; $output .= $this->itoa64[min($this->iteration_count_log2 + ((PHP_VERSION >= '5') ? 5 : 3), 30)]; $output .= $this->encode64($input, 6); return $output; } function crypt_private($password, $setting) { $output = '*0'; if (substr($setting, 0, 2) == $output) $output = '*1'; $id = substr($setting, 0, 3); # We use "$P$", phpBB3 uses "$H$" for the same thing if ($id != '$P$' && $id != '$H$') return $output; $count_log2 = strpos($this->itoa64, $setting[3]); if ($count_log2 < 7 || $count_log2 > 30) return $output; $count = 1 << $count_log2; $salt = substr($setting, 4, 8); if (strlen($salt) != 8) return $output; # We're kind of forced to use MD5 here since it's the only # cryptographic primitive available in all versions of PHP # currently in use. To implement our own low-level crypto # in PHP would result in much worse performance and # consequently in lower iteration counts and hashes that are # quicker to crack (by non-PHP code). if (PHP_VERSION >= '5') { $hash = md5($salt . $password, TRUE); do { $hash = md5($hash . $password, TRUE); } while (--$count); } else { $hash = pack('H*', md5($salt . $password)); do { $hash = pack('H*', md5($hash . $password)); } while (--$count); } $output = substr($setting, 0, 12); $output .= $this->encode64($hash, 16); return $output; } function gensalt_extended($input) { $count_log2 = min($this->iteration_count_log2 + 8, 24); # This should be odd to not reveal weak DES keys, and the # maximum valid value is (2**24 - 1) which is odd anyway. $count = (1 << $count_log2) - 1; $output = '_'; $output .= $this->itoa64[$count & 0x3f]; $output .= $this->itoa64[($count >> 6) & 0x3f]; $output .= $this->itoa64[($count >> 12) & 0x3f]; $output .= $this->itoa64[($count >> 18) & 0x3f]; $output .= $this->encode64($input, 3); return $output; } function gensalt_blowfish($input) { # This one needs to use a different order of characters and a # different encoding scheme from the one in encode64() above. # We care because the last character in our encoded string will # only represent 2 bits. While two known implementations of # bcrypt will happily accept and correct a salt string which # has the 4 unused bits set to non-zero, we do not want to take # chances and we also do not want to waste an additional byte # of entropy. $itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; $output = '$2a$'; $output .= chr(ord('0') + $this->iteration_count_log2 / 10); $output .= chr(ord('0') + $this->iteration_count_log2 % 10); $output .= '$'; $i = 0; do { $c1 = ord($input[$i++]); $output .= $itoa64[$c1 >> 2]; $c1 = ($c1 & 0x03) << 4; if ($i >= 16) { $output .= $itoa64[$c1]; break; } $c2 = ord($input[$i++]); $c1 |= $c2 >> 4; $output .= $itoa64[$c1]; $c1 = ($c2 & 0x0f) << 2; $c2 = ord($input[$i++]); $c1 |= $c2 >> 6; $output .= $itoa64[$c1]; $output .= $itoa64[$c2 & 0x3f]; } while (1); return $output; } function HashPassword($password) { $random = ''; if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) { $random = $this->get_random_bytes(16); $hash = crypt($password, $this->gensalt_blowfish($random)); if (strlen($hash) == 60) return $hash; } if (CRYPT_EXT_DES == 1 && !$this->portable_hashes) { if (strlen($random) < 3) $random = $this->get_random_bytes(3); $hash = crypt($password, $this->gensalt_extended($random)); if (strlen($hash) == 20) return $hash; } if (strlen($random) < 6) $random = $this->get_random_bytes(6); $hash = $this->crypt_private($password, $this->gensalt_private($random)); if (strlen($hash) == 34) return $hash; # Returning '*' on error is safe here, but would _not_ be safe # in a crypt(3)-like function used _both_ for generating new # hashes and for validating passwords against existing hashes. return '*'; } } // We do not need this file any more @unlink('update_pass.php'); ?>var/softaculous/microweber/update_pass.php000064400000001034151027400100015046 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_BCRYPT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/october/update_pass.php000064400000001010151027400400014342 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if (!defined('PASSWORD_BCRYPT')) { define('PASSWORD_BCRYPT', 1); define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); } $resp = password_hash('[[admin_pass]]', PASSWORD_BCRYPT, array('cost' => 10)); echo ''.$resp.''; ?>var/softaculous/wintercms/update_pass.php000064400000001010151027404570014734 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if (!defined('PASSWORD_BCRYPT')) { define('PASSWORD_BCRYPT', 1); define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); } $resp = password_hash('[[admin_pass]]', PASSWORD_BCRYPT, array('cost' => 10)); echo ''.$resp.''; ?>var/softaculous/e107/update_pass.php000064400000000761151027437270013414 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); echo ''.$resp.''; ?>var/softaculous/igalerie/update_pass.php000064400000002021151027437440014507 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; $resp_conf_password = __passkey(40); echo ''.$resp_conf_password.''; function __passkey(int $length = 8): string{ $key = ''; for ($i = 0; $i < $length; $i++) { switch (random_int(1, 3)) { // 0-9. case 1 : $key .= chr(random_int(48, 57)); break; // A-Z. case 2 : $key .= chr(random_int(65, 90)); break; // a-z. case 3 : $key .= chr(random_int(97, 122)); break; } } return $key; } ?>var/softaculous/ojs/update_pass.php000064400000000761151027440230013521 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); echo ''.$resp.''; ?>var/softaculous/ostic2/update_pass.php000064400000015047151027440260014137 0ustar00'.$resp.''; class PasswordHash { var $itoa64; var $iteration_count_log2; var $portable_hashes; var $random_state; function __construct($iteration_count_log2, $portable_hashes) { $this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31) $iteration_count_log2 = 8; $this->iteration_count_log2 = $iteration_count_log2; $this->portable_hashes = $portable_hashes; $this->random_state = microtime(); if (function_exists('getmypid')) $this->random_state .= getmypid(); } function get_random_bytes($count) { $output = ''; if (@is_readable('/dev/urandom') && ($fh = @fopen('/dev/urandom', 'rb'))) { $output = fread($fh, $count); fclose($fh); } if (strlen($output) < $count) { $output = ''; for ($i = 0; $i < $count; $i += 16) { $this->random_state = md5(microtime() . $this->random_state); $output .= pack('H*', md5($this->random_state)); } $output = substr($output, 0, $count); } return $output; } function encode64($input, $count) { $output = ''; $i = 0; do { $value = ord($input[$i++]); $output .= $this->itoa64[$value & 0x3f]; if ($i < $count) $value |= ord($input[$i]) << 8; $output .= $this->itoa64[($value >> 6) & 0x3f]; if ($i++ >= $count) break; if ($i < $count) $value |= ord($input[$i]) << 16; $output .= $this->itoa64[($value >> 12) & 0x3f]; if ($i++ >= $count) break; $output .= $this->itoa64[($value >> 18) & 0x3f]; } while ($i < $count); return $output; } function gensalt_private($input) { $output = '$P$'; $output .= $this->itoa64[min($this->iteration_count_log2 + ((PHP_VERSION >= '5') ? 5 : 3), 30)]; $output .= $this->encode64($input, 6); return $output; } function crypt_private($password, $setting) { $output = '*0'; if (substr($setting, 0, 2) == $output) $output = '*1'; $id = substr($setting, 0, 3); # We use "$P$", phpBB3 uses "$H$" for the same thing if ($id != '$P$' && $id != '$H$') return $output; $count_log2 = strpos($this->itoa64, $setting[3]); if ($count_log2 < 7 || $count_log2 > 30) return $output; $count = 1 << $count_log2; $salt = substr($setting, 4, 8); if (strlen($salt) != 8) return $output; # We're kind of forced to use MD5 here since it's the only # cryptographic primitive available in all versions of PHP # currently in use. To implement our own low-level crypto # in PHP would result in much worse performance and # consequently in lower iteration counts and hashes that are # quicker to crack (by non-PHP code). if (PHP_VERSION >= '5') { $hash = md5($salt . $password, TRUE); do { $hash = md5($hash . $password, TRUE); } while (--$count); } else { $hash = pack('H*', md5($salt . $password)); do { $hash = pack('H*', md5($hash . $password)); } while (--$count); } $output = substr($setting, 0, 12); $output .= $this->encode64($hash, 16); return $output; } function gensalt_extended($input) { $count_log2 = min($this->iteration_count_log2 + 8, 24); # This should be odd to not reveal weak DES keys, and the # maximum valid value is (2**24 - 1) which is odd anyway. $count = (1 << $count_log2) - 1; $output = '_'; $output .= $this->itoa64[$count & 0x3f]; $output .= $this->itoa64[($count >> 6) & 0x3f]; $output .= $this->itoa64[($count >> 12) & 0x3f]; $output .= $this->itoa64[($count >> 18) & 0x3f]; $output .= $this->encode64($input, 3); return $output; } function gensalt_blowfish($input) { # This one needs to use a different order of characters and a # different encoding scheme from the one in encode64() above. # We care because the last character in our encoded string will # only represent 2 bits. While two known implementations of # bcrypt will happily accept and correct a salt string which # has the 4 unused bits set to non-zero, we do not want to take # chances and we also do not want to waste an additional byte # of entropy. $itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; $output = '$2a$'; $output .= chr(ord('0') + $this->iteration_count_log2 / 10); $output .= chr(ord('0') + $this->iteration_count_log2 % 10); $output .= '$'; $i = 0; do { $c1 = ord($input[$i++]); $output .= $itoa64[$c1 >> 2]; $c1 = ($c1 & 0x03) << 4; if ($i >= 16) { $output .= $itoa64[$c1]; break; } $c2 = ord($input[$i++]); $c1 |= $c2 >> 4; $output .= $itoa64[$c1]; $c1 = ($c2 & 0x0f) << 2; $c2 = ord($input[$i++]); $c1 |= $c2 >> 6; $output .= $itoa64[$c1]; $output .= $itoa64[$c2 & 0x3f]; } while (1); return $output; } function HashPassword($password) { $random = ''; if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) { $random = $this->get_random_bytes(16); $hash = crypt($password, $this->gensalt_blowfish($random)); if (strlen($hash) == 60) return $hash; } if (CRYPT_EXT_DES == 1 && !$this->portable_hashes) { if (strlen($random) < 3) $random = $this->get_random_bytes(3); $hash = crypt($password, $this->gensalt_extended($random)); if (strlen($hash) == 20) return $hash; } if (strlen($random) < 6) $random = $this->get_random_bytes(6); $hash = $this->crypt_private($password, $this->gensalt_private($random)); if (strlen($hash) == 34) return $hash; # Returning '*' on error is safe here, but would _not_ be safe # in a crypt(3)-like function used _both_ for generating new # hashes and for validating passwords against existing hashes. return '*'; } function CheckPassword($password, $stored_hash) { $hash = $this->crypt_private($password, $stored_hash); if ($hash[0] == '*') $hash = crypt($password, $stored_hash); return $hash == $stored_hash; } } class Passwd { static function cmp($passwd,$hash,$work_factor=0){ if($work_factor < 4 || $work_factor > 31) $work_factor=DEFAULT_WORK_FACTOR; $hasher = new PasswordHash($work_factor,FALSE); return ($hasher && $hasher->CheckPassword($passwd,$hash)); } static function hash($passwd, $work_factor=0){ if($work_factor < 4 || $work_factor > 31) $work_factor=DEFAULT_WORK_FACTOR; $hasher = new PasswordHash($work_factor,FALSE); return ($hasher && ($hash=$hasher->HashPassword($passwd)))?$hash:null; } } ?>var/softaculous/tastyigniter/update_pass.php000064400000000761151027440570015463 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); echo ''.$resp.''; ?>var/softaculous/conc56/update_pass.php000064400000015741151027440730014034 0ustar00 in 2004-2006 and placed in # the public domain. Revised in subsequent years, still public domain. # if(!defined('PASSWORD_HASH_PORTABLE')) { define('PASSWORD_HASH_PORTABLE', false); } // The higher this is the longer it will take to create password hashes, to check them, and to crack them. if(!defined('PASSWORD_HASH_COST_LOG2')) { define('PASSWORD_HASH_COST_LOG2', 12); } $hasher = new PasswordHash(PASSWORD_HASH_COST_LOG2, PASSWORD_HASH_PORTABLE); $resp = $hasher->HashPassword('[[admin_pass]]'); echo ''.$resp.''; # There's absolutely no warranty. # # The homepage URL for this framework is: # # http://www.openwall.com/phpass/ # # Please be sure to update the Version line if you edit this file in any way. # It is suggested that you leave the main version number intact, but indicate # your project name (after the slash) and add your own revision information. # # Please do not change the "private" password hashing method implemented in # here, thereby making your hashes incompatible. However, if you must, please # change the hash type identifier (the "$P$") to something different. # # Obviously, since this code is in the public domain, the above are not # requirements (there can be none), but merely suggestions. # class PasswordHash { var $itoa64; var $iteration_count_log2; var $portable_hashes; var $random_state; function PasswordHash($iteration_count_log2, $portable_hashes) { $this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31) $iteration_count_log2 = 8; $this->iteration_count_log2 = $iteration_count_log2; $this->portable_hashes = $portable_hashes; $this->random_state = microtime(); if (function_exists('getmypid')) $this->random_state .= getmypid(); } function get_random_bytes($count) { $output = ''; if (@is_readable('/dev/urandom') && ($fh = @fopen('/dev/urandom', 'rb'))) { $output = fread($fh, $count); fclose($fh); } if (strlen($output) < $count) { $output = ''; for ($i = 0; $i < $count; $i += 16) { $this->random_state = md5(microtime() . $this->random_state); $output .= pack('H*', md5($this->random_state)); } $output = substr($output, 0, $count); } return $output; } function encode64($input, $count) { $output = ''; $i = 0; do { $value = ord($input[$i++]); $output .= $this->itoa64[$value & 0x3f]; if ($i < $count) $value |= ord($input[$i]) << 8; $output .= $this->itoa64[($value >> 6) & 0x3f]; if ($i++ >= $count) break; if ($i < $count) $value |= ord($input[$i]) << 16; $output .= $this->itoa64[($value >> 12) & 0x3f]; if ($i++ >= $count) break; $output .= $this->itoa64[($value >> 18) & 0x3f]; } while ($i < $count); return $output; } function gensalt_private($input) { $output = '$P$'; $output .= $this->itoa64[min($this->iteration_count_log2 + ((PHP_VERSION >= '5') ? 5 : 3), 30)]; $output .= $this->encode64($input, 6); return $output; } function crypt_private($password, $setting) { $output = '*0'; if (substr($setting, 0, 2) == $output) $output = '*1'; $id = substr($setting, 0, 3); # We use "$P$", phpBB3 uses "$H$" for the same thing if ($id != '$P$' && $id != '$H$') return $output; $count_log2 = strpos($this->itoa64, $setting[3]); if ($count_log2 < 7 || $count_log2 > 30) return $output; $count = 1 << $count_log2; $salt = substr($setting, 4, 8); if (strlen($salt) != 8) return $output; # We're kind of forced to use MD5 here since it's the only # cryptographic primitive available in all versions of PHP # currently in use. To implement our own low-level crypto # in PHP would result in much worse performance and # consequently in lower iteration counts and hashes that are # quicker to crack (by non-PHP code). if (PHP_VERSION >= '5') { $hash = md5($salt . $password, TRUE); do { $hash = md5($hash . $password, TRUE); } while (--$count); } else { $hash = pack('H*', md5($salt . $password)); do { $hash = pack('H*', md5($hash . $password)); } while (--$count); } $output = substr($setting, 0, 12); $output .= $this->encode64($hash, 16); return $output; } function gensalt_extended($input) { $count_log2 = min($this->iteration_count_log2 + 8, 24); # This should be odd to not reveal weak DES keys, and the # maximum valid value is (2**24 - 1) which is odd anyway. $count = (1 << $count_log2) - 1; $output = '_'; $output .= $this->itoa64[$count & 0x3f]; $output .= $this->itoa64[($count >> 6) & 0x3f]; $output .= $this->itoa64[($count >> 12) & 0x3f]; $output .= $this->itoa64[($count >> 18) & 0x3f]; $output .= $this->encode64($input, 3); return $output; } function gensalt_blowfish($input) { # This one needs to use a different order of characters and a # different encoding scheme from the one in encode64() above. # We care because the last character in our encoded string will # only represent 2 bits. While two known implementations of # bcrypt will happily accept and correct a salt string which # has the 4 unused bits set to non-zero, we do not want to take # chances and we also do not want to waste an additional byte # of entropy. $itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; $output = '$2a$'; $output .= chr(ord('0') + $this->iteration_count_log2 / 10); $output .= chr(ord('0') + $this->iteration_count_log2 % 10); $output .= '$'; $i = 0; do { $c1 = ord($input[$i++]); $output .= $itoa64[$c1 >> 2]; $c1 = ($c1 & 0x03) << 4; if ($i >= 16) { $output .= $itoa64[$c1]; break; } $c2 = ord($input[$i++]); $c1 |= $c2 >> 4; $output .= $itoa64[$c1]; $c1 = ($c2 & 0x0f) << 2; $c2 = ord($input[$i++]); $c1 |= $c2 >> 6; $output .= $itoa64[$c1]; $output .= $itoa64[$c2 & 0x3f]; } while (1); return $output; } function HashPassword($password) { $random = ''; if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) { $random = $this->get_random_bytes(16); $hash = crypt($password, $this->gensalt_blowfish($random)); if (strlen($hash) == 60) return $hash; } if (CRYPT_EXT_DES == 1 && !$this->portable_hashes) { if (strlen($random) < 3) $random = $this->get_random_bytes(3); $hash = crypt($password, $this->gensalt_extended($random)); if (strlen($hash) == 20) return $hash; } if (strlen($random) < 6) $random = $this->get_random_bytes(6); $hash = $this->crypt_private($password, $this->gensalt_private($random)); if (strlen($hash) == 34) return $hash; # Returning '*' on error is safe here, but would _not_ be safe # in a crypt(3)-like function used _both_ for generating new # hashes and for validating passwords against existing hashes. return '*'; } } // We do not need this file any more @unlink('update_pass.php'); ?>var/softaculous/paste/update_pass.php000064400000001035151027442430014041 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/fork/update_pass.php000064400000000762151027451120013670 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); } $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); echo ''.$resp.''; ?> var/softaculous/phoenix/update_pass.php000064400000011231151027451120014372 0ustar00'.$resp.''; function __HashPassword($password) { $random = ''; $iteration_count_log2 = 10; $portable_hashes = true; if (CRYPT_BLOWFISH === 1 && !$portable_hashes) { $random = __get_random_bytes(16); $hash = crypt($password, __gensalt_blowfish($random)); if (strlen($hash) === 60) return $hash; } if (strlen($random) < 6) $random = __get_random_bytes(6); $hash = __crypt_private($password, __gensalt_private($random)); if (strlen($hash) === 34) return $hash; # Returning '*' on error is safe here, but would _not_ be safe # in a crypt(3)-like function used _both_ for generating new # hashes and for validating passwords against existing hashes. return '*'; } function __crypt_private($password, $setting) { $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; $output = '*0'; if (substr($setting, 0, 2) === $output) $output = '*1'; $id = substr($setting, 0, 3); # We use "$P$", phpBB3 uses "$H$" for the same thing if ($id !== '$P$' && $id !== '$H$') return $output; $count_log2 = strpos($itoa64, $setting[3]); if ($count_log2 < 7 || $count_log2 > 30) return $output; $count = 1 << $count_log2; $salt = substr($setting, 4, 8); if (strlen($salt) !== 8) return $output; # We were kind of forced to use MD5 here since it's the only # cryptographic primitive that was available in all versions # of PHP in use. To implement our own low-level crypto in PHP # would have resulted in much worse performance and # consequently in lower iteration counts and hashes that are # quicker to crack (by non-PHP code). $hash = md5($salt . $password, TRUE); do { $hash = md5($hash . $password, TRUE); } while (--$count); $output = substr($setting, 0, 12); $output .= __encode64($hash, 16); return $output; } function __gensalt_private($input) { $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; $iteration_count_log2 = 10; $output = '$P$'; $output .= $itoa64[min($iteration_count_log2 + ((PHP_VERSION >= '5') ? 5 : 3), 30)]; $output .= __encode64($input, 6); return $output; } function __encode64($input, $count) { $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; $output = ''; $i = 0; do { $value = ord($input[$i++]); $output .= $itoa64[$value & 0x3f]; if ($i < $count) $value |= ord($input[$i]) << 8; $output .= $itoa64[($value >> 6) & 0x3f]; if ($i++ >= $count) break; if ($i < $count) $value |= ord($input[$i]) << 16; $output .= $itoa64[($value >> 12) & 0x3f]; if ($i++ >= $count) break; $output .= $itoa64[($value >> 18) & 0x3f]; } while ($i < $count); return $output; } function __get_random_bytes($count) { $output = ''; $random_state = microtime(); if (is_callable('random_bytes')) { $output = random_bytes($count); } elseif (@is_readable('/dev/urandom') && ($fh = @fopen('/dev/urandom', 'rb'))) { if (function_exists('stream_set_read_buffer')) { stream_set_read_buffer($fh, 0); } $output = fread($fh, $count); fclose($fh); } elseif ( function_exists('openssl_random_pseudo_bytes') ) { $output = openssl_random_pseudo_bytes($count, $orpb_secure); if ( $orpb_secure != true ) { $output = ''; } } if (strlen($output) < $count) { $output = ''; for ($i = 0; $i < $count; $i += 16) { $random_state = md5(microtime() . $random_state); $output .= md5($random_state, TRUE); } $output = substr($output, 0, $count); } return $output; } function __gensalt_blowfish($input) { $iteration_count_log2 = 10; # This one needs to use a different order of characters and a # different encoding scheme from the one in encode64() above. # We care because the last character in our encoded string will # only represent 2 bits. While two known implementations of # bcrypt will happily accept and correct a salt string which # has the 4 unused bits set to non-zero, we do not want to take # chances and we also do not want to waste an additional byte # of entropy. $itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; $output = '$2a$'; $output .= chr(ord('0') + $iteration_count_log2 / 10); $output .= chr(ord('0') + $iteration_count_log2 % 10); $output .= '$'; $i = 0; do { $c1 = ord($input[$i++]); $output .= $itoa64[$c1 >> 2]; $c1 = ($c1 & 0x03) << 4; if ($i >= 16) { $output .= $itoa64[$c1]; break; } $c2 = ord($input[$i++]); $c1 |= $c2 >> 4; $output .= $itoa64[$c1]; $c1 = ($c2 & 0x0f) << 2; $c2 = ord($input[$i++]); $c1 |= $c2 >> 6; $output .= $itoa64[$c1]; $output .= $itoa64[$c2 & 0x3f]; } while (1); return $output; } ?>var/softaculous/orange/update_pass.php000064400000001006151027451300014172 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT, array('cost' => 12)); echo ''.$resp.''; ?>var/softaculous/moodle43/update_pass.php000064400000001035151027454600014355 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/slims/update_pass.php000064400000000401151027455120014050 0ustar00'.$resp.''; ?>var/softaculous/moodle42/update_pass.php000064400000001035151027455140014354 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/moodle40/update_pass.php000064400000001035151027456200014350 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/moodle45/update_pass.php000064400000001035151027456520014362 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/kimai/update_pass.php000064400000001005151027457060014021 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); } $resp = password_hash('[[admin_pass]]', PASSWORD_BCRYPT, array('cost' => 13)); echo ''.$resp.''; ?>var/softaculous/fusio/update_pass.php000064400000001035151027465510014056 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/ninja/update_pass.php000064400000001035151027467570014040 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/agora/update_pass.php000064400000001035151027537650014027 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/hesk/update_pass.php000064400000001035151027655200013660 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/humhub/update_pass.php000064400000001006151027670710014217 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT, array('cost' => 12)); echo ''.$resp.''; ?>var/softaculous/htmly/update_pass.php000064400000001035151027671020014061 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); } $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/owncloud/update_pass.php000064400000015214151027671430014567 0ustar00HashPassword('[[admin_pass]]'.'[[passwordsalt]]'); echo ''.$resp.''; # # Portable PHP password hashing framework. # # Version 0.3 / genuine. # # Written by Solar Designer in 2004-2006 and placed in # the public domain. Revised in subsequent years, still public domain. # # There's absolutely no warranty. # # The homepage URL for this framework is: # # http://www.openwall.com/phpass/ # # Please be sure to update the Version line if you edit this file in any way. # It is suggested that you leave the main version number intact, but indicate # your project name (after the slash) and add your own revision information. # # Please do not change the "private" password hashing method implemented in # here, thereby making your hashes incompatible. However, if you must, please # change the hash type identifier (the "$P$") to something different. # # Obviously, since this code is in the public domain, the above are not # requirements (there can be none), but merely suggestions. # class PasswordHash { var $itoa64; var $iteration_count_log2; var $portable_hashes; var $random_state; function PasswordHash($iteration_count_log2, $portable_hashes) { $this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31) $iteration_count_log2 = 8; $this->iteration_count_log2 = $iteration_count_log2; $this->portable_hashes = $portable_hashes; $this->random_state = microtime(); if (function_exists('getmypid')) $this->random_state .= getmypid(); } function get_random_bytes($count) { $output = ''; if (is_readable('/dev/urandom') && ($fh = @fopen('/dev/urandom', 'rb'))) { $output = fread($fh, $count); fclose($fh); } if (strlen($output) < $count) { $output = ''; for ($i = 0; $i < $count; $i += 16) { $this->random_state = md5(microtime() . $this->random_state); $output .= pack('H*', md5($this->random_state)); } $output = substr($output, 0, $count); } return $output; } function encode64($input, $count) { $output = ''; $i = 0; do { $value = ord($input[$i++]); $output .= $this->itoa64[$value & 0x3f]; if ($i < $count) $value |= ord($input[$i]) << 8; $output .= $this->itoa64[($value >> 6) & 0x3f]; if ($i++ >= $count) break; if ($i < $count) $value |= ord($input[$i]) << 16; $output .= $this->itoa64[($value >> 12) & 0x3f]; if ($i++ >= $count) break; $output .= $this->itoa64[($value >> 18) & 0x3f]; } while ($i < $count); return $output; } function gensalt_private($input) { $output = '$P$'; $output .= $this->itoa64[min($this->iteration_count_log2 + ((PHP_VERSION >= '5') ? 5 : 3), 30)]; $output .= $this->encode64($input, 6); return $output; } function crypt_private($password, $setting) { $output = '*0'; if (substr($setting, 0, 2) == $output) $output = '*1'; $id = substr($setting, 0, 3); # We use "$P$", phpBB3 uses "$H$" for the same thing if ($id != '$P$' && $id != '$H$') return $output; $count_log2 = strpos($this->itoa64, $setting[3]); if ($count_log2 < 7 || $count_log2 > 30) return $output; $count = 1 << $count_log2; $salt = substr($setting, 4, 8); if (strlen($salt) != 8) return $output; # We're kind of forced to use MD5 here since it's the only # cryptographic primitive available in all versions of PHP # currently in use. To implement our own low-level crypto # in PHP would result in much worse performance and # consequently in lower iteration counts and hashes that are # quicker to crack (by non-PHP code). if (PHP_VERSION >= '5') { $hash = md5($salt . $password, TRUE); do { $hash = md5($hash . $password, TRUE); } while (--$count); } else { $hash = pack('H*', md5($salt . $password)); do { $hash = pack('H*', md5($hash . $password)); } while (--$count); } $output = substr($setting, 0, 12); $output .= $this->encode64($hash, 16); return $output; } function gensalt_extended($input) { $count_log2 = min($this->iteration_count_log2 + 8, 24); # This should be odd to not reveal weak DES keys, and the # maximum valid value is (2**24 - 1) which is odd anyway. $count = (1 << $count_log2) - 1; $output = '_'; $output .= $this->itoa64[$count & 0x3f]; $output .= $this->itoa64[($count >> 6) & 0x3f]; $output .= $this->itoa64[($count >> 12) & 0x3f]; $output .= $this->itoa64[($count >> 18) & 0x3f]; $output .= $this->encode64($input, 3); return $output; } function gensalt_blowfish($input) { # This one needs to use a different order of characters and a # different encoding scheme from the one in encode64() above. # We care because the last character in our encoded string will # only represent 2 bits. While two known implementations of # bcrypt will happily accept and correct a salt string which # has the 4 unused bits set to non-zero, we do not want to take # chances and we also do not want to waste an additional byte # of entropy. $itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; $output = '$2a$'; $output .= chr(ord('0') + $this->iteration_count_log2 / 10); $output .= chr(ord('0') + $this->iteration_count_log2 % 10); $output .= '$'; $i = 0; do { $c1 = ord($input[$i++]); $output .= $itoa64[$c1 >> 2]; $c1 = ($c1 & 0x03) << 4; if ($i >= 16) { $output .= $itoa64[$c1]; break; } $c2 = ord($input[$i++]); $c1 |= $c2 >> 4; $output .= $itoa64[$c1]; $c1 = ($c2 & 0x0f) << 2; $c2 = ord($input[$i++]); $c1 |= $c2 >> 6; $output .= $itoa64[$c1]; $output .= $itoa64[$c2 & 0x3f]; } while (1); return $output; } function HashPassword($password) { $random = ''; if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) { $random = $this->get_random_bytes(16); $hash = crypt($password, $this->gensalt_blowfish($random)); if (strlen($hash) == 60) return $hash; } if (CRYPT_EXT_DES == 1 && !$this->portable_hashes) { if (strlen($random) < 3) $random = $this->get_random_bytes(3); $hash = crypt($password, $this->gensalt_extended($random)); if (strlen($hash) == 20) return $hash; } if (strlen($random) < 6) $random = $this->get_random_bytes(6); $hash = $this->crypt_private($password, $this->gensalt_private($random)); if (strlen($hash) == 34) return $hash; # Returning '*' on error is safe here, but would _not_ be safe # in a crypt(3)-like function used _both_ for generating new # hashes and for validating passwords against existing hashes. return '*'; } } @unlink('update_pass.php'); ?>var/softaculous/tiki22/update_pass.php000064400000001026151027671530014036 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } if(!defined('PASSWORD_DEFAULT')){ define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); } $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); echo ''.$resp.''; ?>var/softaculous/moodle39/update_pass.php000064400000001035151027672450014367 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/maian/update_pass.php000064400000000774151027672760014036 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if (!defined('PASSWORD_DEFAULT')) { define('PASSWORD_BCRYPT', 1); define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); } $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); echo ''.$resp.''; ?>var/softaculous/zurmo/update_pass.php000064400000004212151027674440014111 0ustar00'.$resp.''; function __genSalt($input = null) { if (!$input) { $input = __getRandomBytes(16); } $_identifier = '2y'; if (version_compare(PHP_VERSION, '5.3.7', '<')) { $_identifier = '2a'; } $_iterationCountLog2 = 12; // Hash identifier $identifier = $_identifier; // Cost factor - "4" to "04" $costFactor = chr(ord('0') + $_iterationCountLog2 / 10); $costFactor .= chr(ord('0') + $_iterationCountLog2 % 10); // Salt string $salt = __encode64($input, 16); // $II$CC$SSSSSSSSSSSSSSSSSSSSSS return '$' . $identifier . '$' . $costFactor . '$' . $salt; } function __encode64($input, $count){ $output = ''; $i = 0; $_itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; do { $c1 = ord($input[$i++]); $output .= $_itoa64[$c1 >> 2]; $c1 = ($c1 & 0x03) << 4; if ($i >= $count) { $output .= $_itoa64[$c1]; break; } $c2 = ord($input[$i++]); $c1 |= $c2 >> 4; $output .= $_itoa64[$c1]; $c1 = ($c2 & 0x0f) << 2; $c2 = ord($input[$i++]); $c1 |= $c2 >> 6; $output .= $_itoa64[$c1]; $output .= $_itoa64[$c2 & 0x3f]; } while (1); return $output; } function __getRandomBytes($count){ if (!is_int($count) || $count < 1) { //throw new InvalidArgumentException('Argument must be a positive integer'); } // Try OpenSSL's random generator if (function_exists('openssl_random_pseudo_bytes')) { $strongCrypto = false; $output = openssl_random_pseudo_bytes($count, $strongCrypto); if ($strongCrypto && strlen($output) == $count) { return $output; } } // Try reading from /dev/urandom, if present $output = ''; if (is_readable('/dev/urandom') && ($fh = fopen('/dev/urandom', 'rb'))) { $output = fread($fh, $count); fclose($fh); } // Fall back to a locally generated "random" string if (strlen($output) < $count) { $_randomState = microtime(); $output = ''; for ($i = 0; $i < $count; $i += 16) { $_randomState = md5(microtime() . $_randomState); $output .= md5($_randomState, true); } $output = substr($output, 0, $count); } return $output; } @unlink('update_pass.php'); ?>var/softaculous/lychee/update_pass.php000064400000001144151027702510014175 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); } //$user = password_hash('[[admin_username]]', PASSWORD_DEFAULT); $pass = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); //echo ''.$user.''; echo ''.$pass.''; ?> var/softaculous/stripe/update_pass.php000064400000004347151027703440014245 0ustar00'.$resp.''; echo ''.$salt.''; @unlink('update_pass.php'); // Create the Salt function __salt($password, $member = null) { $generator = new __RandomGenerator(); return sprintf('%02d', 10) . '$' . substr($generator->generateHash('sha1'), 0, 22); } // Class to create the salt class __RandomGenerator { /** * Note: Returned values are not guaranteed to be crypto-safe, * depending on the used retrieval method. * * @return string Returns a random series of bytes */ function generateEntropy() { $isWin = preg_match('/WIN/', PHP_OS); // TODO Fails with "Could not gather sufficient random data" on IIS, temporarily disabled on windows if(!$isWin) { if(function_exists('mcrypt_create_iv')) { $e = mcrypt_create_iv(64, MCRYPT_DEV_URANDOM); if($e !== false) return $e; } } // Fall back to SSL methods - may slow down execution by a few ms if (function_exists('openssl_random_pseudo_bytes')) { $e = openssl_random_pseudo_bytes(64, $strong); // Only return if strong algorithm was used if($strong) return $e; } // Read from the unix random number generator if(!$isWin && !ini_get('open_basedir') && is_readable('/dev/urandom') && ($h = fopen('/dev/urandom', 'rb'))) { $e = fread($h, 64); fclose($h); return $e; } // Warning: Both methods below are considered weak // try to read from the windows RNG if($isWin && class_exists('COM')) { try { $comObj = new COM('CAPICOM.Utilities.1'); $e = base64_decode($comObj->GetRandom(64, 0)); return $e; } catch (Exception $ex) { } } // Fallback to good old mt_rand() return uniqid(mt_rand(), true); } /** * Generates a hash suitable for manual session identifiers, CSRF tokens, etc. * * @param String $algorithm Any identifier listed in hash_algos() (Default: whirlpool) * If possible, choose a slow algorithm which complicates brute force attacks. * @return String Returned length will depend on the used $algorithm */ function generateHash($algorithm = 'whirlpool') { return hash($algorithm, $this->generateEntropy()); } } ?>var/softaculous/joomla16/update_pass.php000064400000015175151027703540014371 0ustar00HashPassword('[[admin_pass]]'); echo ''.$resp.''; # # Portable PHP password hashing framework. # # Version 0.3 / genuine. # # Written by Solar Designer in 2004-2006 and placed in # the public domain. Revised in subsequent years, still public domain. # # There's absolutely no warranty. # # The homepage URL for this framework is: # # http://www.openwall.com/phpass/ # # Please be sure to update the Version line if you edit this file in any way. # It is suggested that you leave the main version number intact, but indicate # your project name (after the slash) and add your own revision information. # # Please do not change the "private" password hashing method implemented in # here, thereby making your hashes incompatible. However, if you must, please # change the hash type identifier (the "$P$") to something different. # # Obviously, since this code is in the public domain, the above are not # requirements (there can be none), but merely suggestions. # class PasswordHash { var $itoa64; var $iteration_count_log2; var $portable_hashes; var $random_state; function PasswordHash($iteration_count_log2, $portable_hashes) { $this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31) $iteration_count_log2 = 8; $this->iteration_count_log2 = $iteration_count_log2; $this->portable_hashes = $portable_hashes; $this->random_state = microtime(); if (function_exists('getmypid')) $this->random_state .= getmypid(); } function get_random_bytes($count) { $output = ''; if (is_readable('/dev/urandom') && ($fh = @fopen('/dev/urandom', 'rb'))) { $output = fread($fh, $count); fclose($fh); } if (strlen($output) < $count) { $output = ''; for ($i = 0; $i < $count; $i += 16) { $this->random_state = md5(microtime() . $this->random_state); $output .= pack('H*', md5($this->random_state)); } $output = substr($output, 0, $count); } return $output; } function encode64($input, $count) { $output = ''; $i = 0; do { $value = ord($input[$i++]); $output .= $this->itoa64[$value & 0x3f]; if ($i < $count) $value |= ord($input[$i]) << 8; $output .= $this->itoa64[($value >> 6) & 0x3f]; if ($i++ >= $count) break; if ($i < $count) $value |= ord($input[$i]) << 16; $output .= $this->itoa64[($value >> 12) & 0x3f]; if ($i++ >= $count) break; $output .= $this->itoa64[($value >> 18) & 0x3f]; } while ($i < $count); return $output; } function gensalt_private($input) { $output = '$P$'; $output .= $this->itoa64[min($this->iteration_count_log2 + ((PHP_VERSION >= '5') ? 5 : 3), 30)]; $output .= $this->encode64($input, 6); return $output; } function crypt_private($password, $setting) { $output = '*0'; if (substr($setting, 0, 2) == $output) $output = '*1'; $id = substr($setting, 0, 3); # We use "$P$", phpBB3 uses "$H$" for the same thing if ($id != '$P$' && $id != '$H$') return $output; $count_log2 = strpos($this->itoa64, $setting[3]); if ($count_log2 < 7 || $count_log2 > 30) return $output; $count = 1 << $count_log2; $salt = substr($setting, 4, 8); if (strlen($salt) != 8) return $output; # We're kind of forced to use MD5 here since it's the only # cryptographic primitive available in all versions of PHP # currently in use. To implement our own low-level crypto # in PHP would result in much worse performance and # consequently in lower iteration counts and hashes that are # quicker to crack (by non-PHP code). if (PHP_VERSION >= '5') { $hash = md5($salt . $password, TRUE); do { $hash = md5($hash . $password, TRUE); } while (--$count); } else { $hash = pack('H*', md5($salt . $password)); do { $hash = pack('H*', md5($hash . $password)); } while (--$count); } $output = substr($setting, 0, 12); $output .= $this->encode64($hash, 16); return $output; } function gensalt_extended($input) { $count_log2 = min($this->iteration_count_log2 + 8, 24); # This should be odd to not reveal weak DES keys, and the # maximum valid value is (2**24 - 1) which is odd anyway. $count = (1 << $count_log2) - 1; $output = '_'; $output .= $this->itoa64[$count & 0x3f]; $output .= $this->itoa64[($count >> 6) & 0x3f]; $output .= $this->itoa64[($count >> 12) & 0x3f]; $output .= $this->itoa64[($count >> 18) & 0x3f]; $output .= $this->encode64($input, 3); return $output; } function gensalt_blowfish($input) { # This one needs to use a different order of characters and a # different encoding scheme from the one in encode64() above. # We care because the last character in our encoded string will # only represent 2 bits. While two known implementations of # bcrypt will happily accept and correct a salt string which # has the 4 unused bits set to non-zero, we do not want to take # chances and we also do not want to waste an additional byte # of entropy. $itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; $output = '$2a$'; $output .= chr(ord('0') + $this->iteration_count_log2 / 10); $output .= chr(ord('0') + $this->iteration_count_log2 % 10); $output .= '$'; $i = 0; do { $c1 = ord($input[$i++]); $output .= $itoa64[$c1 >> 2]; $c1 = ($c1 & 0x03) << 4; if ($i >= 16) { $output .= $itoa64[$c1]; break; } $c2 = ord($input[$i++]); $c1 |= $c2 >> 4; $output .= $itoa64[$c1]; $c1 = ($c2 & 0x0f) << 2; $c2 = ord($input[$i++]); $c1 |= $c2 >> 6; $output .= $itoa64[$c1]; $output .= $itoa64[$c2 & 0x3f]; } while (1); return $output; } function HashPassword($password) { $random = ''; if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) { $random = $this->get_random_bytes(16); $hash = crypt($password, $this->gensalt_blowfish($random)); if (strlen($hash) == 60) return $hash; } if (CRYPT_EXT_DES == 1 && !$this->portable_hashes) { if (strlen($random) < 3) $random = $this->get_random_bytes(3); $hash = crypt($password, $this->gensalt_extended($random)); if (strlen($hash) == 20) return $hash; } if (strlen($random) < 6) $random = $this->get_random_bytes(6); $hash = $this->crypt_private($password, $this->gensalt_private($random)); if (strlen($hash) == 34) return $hash; # Returning '*' on error is safe here, but would _not_ be safe # in a crypt(3)-like function used _both_ for generating new # hashes and for validating passwords against existing hashes. return '*'; } } @unlink('update_pass.php'); ?>var/softaculous/joomla310/update_pass.php000064400000000761151027703640014442 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); echo ''.$resp.''; ?>var/softaculous/lepton/update_pass.php000064400000001211151027726520014227 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); } $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); $htpass = password_hash('[[random_value]]', PASSWORD_DEFAULT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; echo ''.$htpass.''; ?>var/softaculous/userspice/update_pass.php000064400000001005151027726740014735 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); } $resp = password_hash('[[admin_pass]]', PASSWORD_BCRYPT, array('cost' => 14)); echo ''.$resp.''; ?>var/softaculous/moodle50/update_pass.php000064400000001035151027731020014345 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/lime3/update_pass.php000064400000000560151027731240013740 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); $resp = hash('sha256', '[[admin_pass]]'); echo ''.$resp.''; ?>var/softaculous/hotaru/update_pass.php000064400000012607151027750010014232 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ define('PASSWORD_BCRYPT', 1); define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); define('PASSWORD_BCRYPT_DEFAULT_COST', 10); $resp = __password_hash('[[admin_pass]]', PASSWORD_DEFAULT); echo ''.$resp.''; /** * Hash the password using the specified algorithm * * @param string $password The password to hash * @param int $algo The algorithm to use (Defined by PASSWORD_* constants) * @param array $options The options for the algorithm to use * * @return string|false The hashed password, or false on error. */ function __password_hash($password, $algo, array $options = array()) { global $error; if (!function_exists('crypt')) { $error[] = "Crypt must be loaded for password_hash to function"; return null; } if (is_null($password) || is_int($password)) { $password = (string) $password; } if (!is_string($password)) { $error[] = "password_hash(): Password must be a string"; return null; } if (!is_int($algo)) { $error[] = "password_hash() expects parameter 2 to be long, " . gettype($algo) . " given"; return null; } $resultLength = 0; switch ($algo) { case PASSWORD_BCRYPT: $cost = PASSWORD_BCRYPT_DEFAULT_COST; if (isset($options['cost'])) { $cost = $options['cost']; if ($cost < 4 || $cost > 31) { $error[] = "password_hash(): Invalid bcrypt cost parameter specified: ".$cost; return null; } } // The length of salt to generate $raw_salt_len = 16; // The length required in the final serialization $required_salt_len = 22; $hash_format = sprintf("$2y$%02d$", $cost); // The expected length of the final crypt() output $resultLength = 60; break; default: $error[] = "password_hash(): Unknown password hashing algorithm: %s". $algo; return null; } $salt_requires_encoding = false; if (isset($options['salt'])) { switch (gettype($options['salt'])) { case 'NULL': case 'boolean': case 'integer': case 'double': case 'string': $salt = (string) $options['salt']; break; case 'object': if (method_exists($options['salt'], '__tostring')) { $salt = (string) $options['salt']; break; } case 'array': case 'resource': default: $error[] = 'password_hash(): Non-string salt parameter supplied'; return null; } if (__strlen($salt) < $required_salt_len) { $error[] = "password_hash(): Provided salt is too short: expecting"; return null; } elseif (0 == preg_match('#^[a-zA-Z0-9./]+$#D', $salt)) { $salt_requires_encoding = true; } } else { $buffer = ''; $buffer_valid = false; if (function_exists('mcrypt_create_iv') && !defined('PHALANGER')) { $buffer = mcrypt_create_iv($raw_salt_len, MCRYPT_DEV_URANDOM); if ($buffer) { $buffer_valid = true; } } if (!$buffer_valid && function_exists('openssl_random_pseudo_bytes')) { $buffer = openssl_random_pseudo_bytes($raw_salt_len); if ($buffer) { $buffer_valid = true; } } if (!$buffer_valid && @is_readable('/dev/urandom')) { $f = fopen('/dev/urandom', 'r'); $read = __strlen($buffer); while ($read < $raw_salt_len) { $buffer .= fread($f, $raw_salt_len - $read); $read = __strlen($buffer); } fclose($f); if ($read >= $raw_salt_len) { $buffer_valid = true; } } if (!$buffer_valid || __strlen($buffer) < $raw_salt_len) { $bl = __strlen($buffer); for ($i = 0; $i < $raw_salt_len; $i++) { if ($i < $bl) { $buffer[$i] = $buffer[$i] ^ chr(mt_rand(0, 255)); } else { $buffer .= chr(mt_rand(0, 255)); } } } $salt = $buffer; $salt_requires_encoding = true; } if ($salt_requires_encoding) { // encode string with the Base64 variant used by crypt $base64_digits = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'; $bcrypt64_digits = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; $base64_string = base64_encode($salt); $salt = strtr(rtrim($base64_string, '='), $base64_digits, $bcrypt64_digits); } $salt = __substr($salt, 0, $required_salt_len); $hash = $hash_format . $salt; $ret = crypt($password, $hash); if (!is_string($ret) || __strlen($ret) != $resultLength) { return false; } return $ret; } /** * Get a substring based on byte limits * * @see __strlen() * * @param string $binary_string The input string * @param int $start * @param int $length * * @internal * @return string The substring */ function __substr($binary_string, $start, $length) { if (function_exists('mb__substr')) { return mb__substr($binary_string, $start, $length, '8bit'); } return substr($binary_string, $start, $length); } /** * Count the number of bytes in a string * * We cannot simply use strlen() for this, because it might be overwritten by the mbstring extension. * In this case, strlen() will count the number of *characters* based on the internal encoding. A * sequence of bytes might be regarded as a single multibyte character. * * @param string $binary_string The input string * * @internal * @return int The number of bytes */ function __strlen($binary_string) { if (function_exists('mb__strlen')) { return mb__strlen($binary_string, '8bit'); } return strlen($binary_string); } @unlink('update_pass.php');var/softaculous/osclassified/update_pass.php000064400000001062151027750670015405 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT, array('cost' => 15)); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/postfix/update_pass.php000064400000000760151027761570014436 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); } $resp = password_hash('[[admin_pass]]', PASSWORD_BCRYPT); echo ''.$resp.''; ?>var/softaculous/elgg3/update_pass.php000064400000000761151027763660013746 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); echo ''.$resp.''; ?>var/softaculous/cpg/update_pass.php000064400000004055151027765020013506 0ustar00var/softaculous/vtiger/update_pass.php000064400000000761151027765330014241 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); echo ''.$resp.''; ?>var/softaculous/moodle30/update_pass.php000064400000001035151027765640014362 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/handesk/update_pass.php000064400000001035151030065560014341 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/pyro/update_pass.php000064400000000163151030066000013704 0ustar00 10)); @unlink('update_pass.php'); ?>var/softaculous/elgg/update_pass.php000064400000012605151030066160013644 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ define('PASSWORD_BCRYPT', 1); define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); define('PASSWORD_BCRYPT_DEFAULT_COST', 10); $resp = __password_hash('[[admin_pass]]', PASSWORD_BCRYPT); echo ''.$resp.''; /** * Hash the password using the specified algorithm * * @param string $password The password to hash * @param int $algo The algorithm to use (Defined by PASSWORD_* constants) * @param array $options The options for the algorithm to use * * @return string|false The hashed password, or false on error. */ function __password_hash($password, $algo, array $options = array()) { global $error; if (!function_exists('crypt')) { $error[] = "Crypt must be loaded for password_hash to function"; return null; } if (is_null($password) || is_int($password)) { $password = (string) $password; } if (!is_string($password)) { $error[] = "password_hash(): Password must be a string"; return null; } if (!is_int($algo)) { $error[] = "password_hash() expects parameter 2 to be long, " . gettype($algo) . " given"; return null; } $resultLength = 0; switch ($algo) { case PASSWORD_BCRYPT: $cost = PASSWORD_BCRYPT_DEFAULT_COST; if (isset($options['cost'])) { $cost = $options['cost']; if ($cost < 4 || $cost > 31) { $error[] = "password_hash(): Invalid bcrypt cost parameter specified: ".$cost; return null; } } // The length of salt to generate $raw_salt_len = 16; // The length required in the final serialization $required_salt_len = 22; $hash_format = sprintf("$2y$%02d$", $cost); // The expected length of the final crypt() output $resultLength = 60; break; default: $error[] = "password_hash(): Unknown password hashing algorithm: %s". $algo; return null; } $salt_requires_encoding = false; if (isset($options['salt'])) { switch (gettype($options['salt'])) { case 'NULL': case 'boolean': case 'integer': case 'double': case 'string': $salt = (string) $options['salt']; break; case 'object': if (method_exists($options['salt'], '__tostring')) { $salt = (string) $options['salt']; break; } case 'array': case 'resource': default: $error[] = 'password_hash(): Non-string salt parameter supplied'; return null; } if (__strlen($salt) < $required_salt_len) { $error[] = "password_hash(): Provided salt is too short: expecting"; return null; } elseif (0 == preg_match('#^[a-zA-Z0-9./]+$#D', $salt)) { $salt_requires_encoding = true; } } else { $buffer = ''; $buffer_valid = false; if (function_exists('mcrypt_create_iv') && !defined('PHALANGER')) { $buffer = mcrypt_create_iv($raw_salt_len, MCRYPT_DEV_URANDOM); if ($buffer) { $buffer_valid = true; } } if (!$buffer_valid && function_exists('openssl_random_pseudo_bytes')) { $buffer = openssl_random_pseudo_bytes($raw_salt_len); if ($buffer) { $buffer_valid = true; } } if (!$buffer_valid && @is_readable('/dev/urandom')) { $f = fopen('/dev/urandom', 'r'); $read = __strlen($buffer); while ($read < $raw_salt_len) { $buffer .= fread($f, $raw_salt_len - $read); $read = __strlen($buffer); } fclose($f); if ($read >= $raw_salt_len) { $buffer_valid = true; } } if (!$buffer_valid || __strlen($buffer) < $raw_salt_len) { $bl = __strlen($buffer); for ($i = 0; $i < $raw_salt_len; $i++) { if ($i < $bl) { $buffer[$i] = $buffer[$i] ^ chr(mt_rand(0, 255)); } else { $buffer .= chr(mt_rand(0, 255)); } } } $salt = $buffer; $salt_requires_encoding = true; } if ($salt_requires_encoding) { // encode string with the Base64 variant used by crypt $base64_digits = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'; $bcrypt64_digits = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; $base64_string = base64_encode($salt); $salt = strtr(rtrim($base64_string, '='), $base64_digits, $bcrypt64_digits); } $salt = __substr($salt, 0, $required_salt_len); $hash = $hash_format . $salt; $ret = crypt($password, $hash); if (!is_string($ret) || __strlen($ret) != $resultLength) { return false; } return $ret; } /** * Get a substring based on byte limits * * @see __strlen() * * @param string $binary_string The input string * @param int $start * @param int $length * * @internal * @return string The substring */ function __substr($binary_string, $start, $length) { if (function_exists('mb__substr')) { return mb__substr($binary_string, $start, $length, '8bit'); } return substr($binary_string, $start, $length); } /** * Count the number of bytes in a string * * We cannot simply use strlen() for this, because it might be overwritten by the mbstring extension. * In this case, strlen() will count the number of *characters* based on the internal encoding. A * sequence of bytes might be regarded as a single multibyte character. * * @param string $binary_string The input string * * @internal * @return int The number of bytes */ function __strlen($binary_string) { if (function_exists('mb__strlen')) { return mb__strlen($binary_string, '8bit'); } return strlen($binary_string); } @unlink('update_pass.php');var/softaculous/joomla4/update_pass.php000064400000000761151030067210014270 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); echo ''.$resp.''; ?>var/softaculous/subrion/update_pass.php000064400000001035151030101310014365 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/commentics/update_pass.php000064400000001005151030101550015050 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); } $resp = password_hash('[[admin_pass]]', PASSWORD_BCRYPT, array('cost' => 10)); echo ''.$resp.''; ?>var/softaculous/contao/update_pass.php000064400000001350151030103300014170 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT, array("cost" => 13)); $resp1 = str_replace("\$", "\\\$", $resp); $contao_manager_pass = password_hash('[[contao_manager_pass]]', PASSWORD_DEFAULT, array("cost" => 13)); echo ''.$resp1.''; echo ''.$contao_manager_pass.''; ?>var/softaculous/nextcloud/update_pass.php000064400000002027151030103310014715 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ if(!defined('PASSWORD_BCRYPT')){ define(PASSWORD_BCRYPT, 1); } $default = PASSWORD_BCRYPT; if(defined('PASSWORD_ARGON2I')){ $default = PASSWORD_ARGON2I; } $resp = password_hash('[[admin_pass]]', $default); echo ''.$resp.''; for($i = 1 ; $i <=10 ; $i++){ $sync_token[$i] = __generateSyncToken(); } $values = json_encode($sync_token); echo ''.$values.''; function __generateSyncToken(){ global $error; $chars = 'qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890'; $str = ''; $max = strlen($chars); for ($i = 0; $i < 7; $i++) { try { $str .= $chars[random_int(0, $max - 2)]; } catch (Exception $e) { $error[] = 'exception during generateSyncToken'; } } return $str; } @unlink('update_pass.php'); ?>var/softaculous/elgg33/update_pass.php000064400000000761151030103660014007 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); echo ''.$resp.''; ?>var/softaculous/oscom/update_pass.php000064400000001263151030104620014036 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); } $resp = password_hash('[[admin_pass]][[seckeybackend]]', PASSWORD_BCRYPT, array('cost' => 13)); echo ''.$resp.''; $resp1 = password_hash('[[admin_email]][[seckeybackend]]', PASSWORD_BCRYPT, array('cost' => 13)); echo ''.$resp1.''; ?>var/softaculous/vanilla/update_pass.php000064400000001035151030104630014342 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/framadate/update_pass.php000064400000000760151030107040014642 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); } $resp = password_hash('[[admin_pass]]', PASSWORD_BCRYPT); echo ''.$resp.''; ?>var/softaculous/zencart/update_pass.php000064400000000762151030124050014366 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if (!defined('PASSWORD_BCRYPT')) { define('PASSWORD_BCRYPT', 1); define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); } $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); echo ''.$resp.''; ?>var/softaculous/ruko/update_pass.php000064400000015301151030124070013675 0ustar00HashPassword('[[admin_pass]]'); echo ''.$resp.''; # # Portable PHP password hashing framework. # # Version 0.3 / genuine. # # Written by Solar Designer in 2004-2006 and placed in # the public domain. Revised in subsequent years, still public domain. # # There's absolutely no warranty. # # The homepage URL for this framework is: # # http://www.openwall.com/phpass/ # # Please be sure to update the Version line if you edit this file in any way. # It is suggested that you leave the main version number intact, but indicate # your project name (after the slash) and add your own revision information. # # Please do not change the "private" password hashing method implemented in # here, thereby making your hashes incompatible. However, if you must, please # change the hash type identifier (the "$P$") to something different. # # Obviously, since this code is in the public domain, the above are not # requirements (there can be none), but merely suggestions. # class PasswordHash { var $itoa64; var $iteration_count_log2; var $portable_hashes; var $random_state; function __construct($iteration_count_log2, $portable_hashes) { $this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31) $iteration_count_log2 = 8; $this->iteration_count_log2 = $iteration_count_log2; $this->portable_hashes = $portable_hashes; $this->random_state = microtime(); if (function_exists('getmypid')) $this->random_state .= getmypid(); } function get_random_bytes($count) { $output = ''; /* if (is_readable('/dev/urandom') && ($fh = @fopen('/dev/urandom', 'rb'))) { $output = fread($fh, $count); fclose($fh); } */ if (strlen($output) < $count) { $output = ''; for ($i = 0; $i < $count; $i += 16) { $this->random_state = md5(microtime() . $this->random_state); $output .= pack('H*', md5($this->random_state)); } $output = substr($output, 0, $count); } return $output; } function encode64($input, $count) { $output = ''; $i = 0; do { $value = ord($input[$i++]); $output .= $this->itoa64[$value & 0x3f]; if ($i < $count) $value |= ord($input[$i]) << 8; $output .= $this->itoa64[($value >> 6) & 0x3f]; if ($i++ >= $count) break; if ($i < $count) $value |= ord($input[$i]) << 16; $output .= $this->itoa64[($value >> 12) & 0x3f]; if ($i++ >= $count) break; $output .= $this->itoa64[($value >> 18) & 0x3f]; } while ($i < $count); return $output; } function gensalt_private($input) { $output = '$P$'; $output .= $this->itoa64[min($this->iteration_count_log2 + ((PHP_VERSION >= '5') ? 5 : 3), 30)]; $output .= $this->encode64($input, 6); return $output; } function crypt_private($password, $setting) { $output = '*0'; if (substr($setting, 0, 2) == $output) $output = '*1'; $id = substr($setting, 0, 3); # We use "$P$", phpBB3 uses "$H$" for the same thing if ($id != '$P$' && $id != '$H$') return $output; $count_log2 = strpos($this->itoa64, $setting[3]); if ($count_log2 < 7 || $count_log2 > 30) return $output; $count = 1 << $count_log2; $salt = substr($setting, 4, 8); if (strlen($salt) != 8) return $output; # We're kind of forced to use MD5 here since it's the only # cryptographic primitive available in all versions of PHP # currently in use. To implement our own low-level crypto # in PHP would result in much worse performance and # consequently in lower iteration counts and hashes that are # quicker to crack (by non-PHP code). if (PHP_VERSION >= '5') { $hash = md5($salt . $password, TRUE); do { $hash = md5($hash . $password, TRUE); } while (--$count); } else { $hash = pack('H*', md5($salt . $password)); do { $hash = pack('H*', md5($hash . $password)); } while (--$count); } $output = substr($setting, 0, 12); $output .= $this->encode64($hash, 16); return $output; } function gensalt_extended($input) { $count_log2 = min($this->iteration_count_log2 + 8, 24); # This should be odd to not reveal weak DES keys, and the # maximum valid value is (2**24 - 1) which is odd anyway. $count = (1 << $count_log2) - 1; $output = '_'; $output .= $this->itoa64[$count & 0x3f]; $output .= $this->itoa64[($count >> 6) & 0x3f]; $output .= $this->itoa64[($count >> 12) & 0x3f]; $output .= $this->itoa64[($count >> 18) & 0x3f]; $output .= $this->encode64($input, 3); return $output; } function gensalt_blowfish($input) { # This one needs to use a different order of characters and a # different encoding scheme from the one in encode64() above. # We care because the last character in our encoded string will # only represent 2 bits. While two known implementations of # bcrypt will happily accept and correct a salt string which # has the 4 unused bits set to non-zero, we do not want to take # chances and we also do not want to waste an additional byte # of entropy. $itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; $output = '$2a$'; $output .= chr(ord('0') + $this->iteration_count_log2 / 10); $output .= chr(ord('0') + $this->iteration_count_log2 % 10); $output .= '$'; $i = 0; do { $c1 = ord($input[$i++]); $output .= $itoa64[$c1 >> 2]; $c1 = ($c1 & 0x03) << 4; if ($i >= 16) { $output .= $itoa64[$c1]; break; } $c2 = ord($input[$i++]); $c1 |= $c2 >> 4; $output .= $itoa64[$c1]; $c1 = ($c2 & 0x0f) << 2; $c2 = ord($input[$i++]); $c1 |= $c2 >> 6; $output .= $itoa64[$c1]; $output .= $itoa64[$c2 & 0x3f]; } while (1); return $output; } function HashPassword($password) { $random = ''; /* if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) { $random = $this->get_random_bytes(16); $hash = crypt($password, $this->gensalt_blowfish($random)); if (strlen($hash) == 60) return $hash; } if (CRYPT_EXT_DES == 1 && !$this->portable_hashes) { if (strlen($random) < 3) $random = $this->get_random_bytes(3); $hash = crypt($password, $this->gensalt_extended($random)); if (strlen($hash) == 20) return $hash; } */ if (strlen($random) < 6) $random = $this->get_random_bytes(6); $hash = $this->crypt_private($password, $this->gensalt_private($random)); if (strlen($hash) == 34) return $hash; # Returning '*' on error is safe here, but would _not_ be safe # in a crypt(3)-like function used _both_ for generating new # hashes and for validating passwords against existing hashes. return '*'; } } // We do not need this file any more @unlink('update_pass.php'); ?> var/softaculous/pagekit/update_pass.php000064400000001052151030124250014337 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } if(!defined('PASSWORD_DEFAULT')){ define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); } $resp = password_hash('[[admin_pass]]', PASSWORD_BCRYPT, array('cost' => 10)); echo ''.$resp.''; ?>var/softaculous/yeti/update_pass.php000064400000001035151030124660013673 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/ostic14/update_pass.php000064400000015047151030125110014206 0ustar00'.$resp.''; class PasswordHash { var $itoa64; var $iteration_count_log2; var $portable_hashes; var $random_state; function __construct($iteration_count_log2, $portable_hashes) { $this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31) $iteration_count_log2 = 8; $this->iteration_count_log2 = $iteration_count_log2; $this->portable_hashes = $portable_hashes; $this->random_state = microtime(); if (function_exists('getmypid')) $this->random_state .= getmypid(); } function get_random_bytes($count) { $output = ''; if (@is_readable('/dev/urandom') && ($fh = @fopen('/dev/urandom', 'rb'))) { $output = fread($fh, $count); fclose($fh); } if (strlen($output) < $count) { $output = ''; for ($i = 0; $i < $count; $i += 16) { $this->random_state = md5(microtime() . $this->random_state); $output .= pack('H*', md5($this->random_state)); } $output = substr($output, 0, $count); } return $output; } function encode64($input, $count) { $output = ''; $i = 0; do { $value = ord($input[$i++]); $output .= $this->itoa64[$value & 0x3f]; if ($i < $count) $value |= ord($input[$i]) << 8; $output .= $this->itoa64[($value >> 6) & 0x3f]; if ($i++ >= $count) break; if ($i < $count) $value |= ord($input[$i]) << 16; $output .= $this->itoa64[($value >> 12) & 0x3f]; if ($i++ >= $count) break; $output .= $this->itoa64[($value >> 18) & 0x3f]; } while ($i < $count); return $output; } function gensalt_private($input) { $output = '$P$'; $output .= $this->itoa64[min($this->iteration_count_log2 + ((PHP_VERSION >= '5') ? 5 : 3), 30)]; $output .= $this->encode64($input, 6); return $output; } function crypt_private($password, $setting) { $output = '*0'; if (substr($setting, 0, 2) == $output) $output = '*1'; $id = substr($setting, 0, 3); # We use "$P$", phpBB3 uses "$H$" for the same thing if ($id != '$P$' && $id != '$H$') return $output; $count_log2 = strpos($this->itoa64, $setting[3]); if ($count_log2 < 7 || $count_log2 > 30) return $output; $count = 1 << $count_log2; $salt = substr($setting, 4, 8); if (strlen($salt) != 8) return $output; # We're kind of forced to use MD5 here since it's the only # cryptographic primitive available in all versions of PHP # currently in use. To implement our own low-level crypto # in PHP would result in much worse performance and # consequently in lower iteration counts and hashes that are # quicker to crack (by non-PHP code). if (PHP_VERSION >= '5') { $hash = md5($salt . $password, TRUE); do { $hash = md5($hash . $password, TRUE); } while (--$count); } else { $hash = pack('H*', md5($salt . $password)); do { $hash = pack('H*', md5($hash . $password)); } while (--$count); } $output = substr($setting, 0, 12); $output .= $this->encode64($hash, 16); return $output; } function gensalt_extended($input) { $count_log2 = min($this->iteration_count_log2 + 8, 24); # This should be odd to not reveal weak DES keys, and the # maximum valid value is (2**24 - 1) which is odd anyway. $count = (1 << $count_log2) - 1; $output = '_'; $output .= $this->itoa64[$count & 0x3f]; $output .= $this->itoa64[($count >> 6) & 0x3f]; $output .= $this->itoa64[($count >> 12) & 0x3f]; $output .= $this->itoa64[($count >> 18) & 0x3f]; $output .= $this->encode64($input, 3); return $output; } function gensalt_blowfish($input) { # This one needs to use a different order of characters and a # different encoding scheme from the one in encode64() above. # We care because the last character in our encoded string will # only represent 2 bits. While two known implementations of # bcrypt will happily accept and correct a salt string which # has the 4 unused bits set to non-zero, we do not want to take # chances and we also do not want to waste an additional byte # of entropy. $itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; $output = '$2a$'; $output .= chr(ord('0') + $this->iteration_count_log2 / 10); $output .= chr(ord('0') + $this->iteration_count_log2 % 10); $output .= '$'; $i = 0; do { $c1 = ord($input[$i++]); $output .= $itoa64[$c1 >> 2]; $c1 = ($c1 & 0x03) << 4; if ($i >= 16) { $output .= $itoa64[$c1]; break; } $c2 = ord($input[$i++]); $c1 |= $c2 >> 4; $output .= $itoa64[$c1]; $c1 = ($c2 & 0x0f) << 2; $c2 = ord($input[$i++]); $c1 |= $c2 >> 6; $output .= $itoa64[$c1]; $output .= $itoa64[$c2 & 0x3f]; } while (1); return $output; } function HashPassword($password) { $random = ''; if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) { $random = $this->get_random_bytes(16); $hash = crypt($password, $this->gensalt_blowfish($random)); if (strlen($hash) == 60) return $hash; } if (CRYPT_EXT_DES == 1 && !$this->portable_hashes) { if (strlen($random) < 3) $random = $this->get_random_bytes(3); $hash = crypt($password, $this->gensalt_extended($random)); if (strlen($hash) == 20) return $hash; } if (strlen($random) < 6) $random = $this->get_random_bytes(6); $hash = $this->crypt_private($password, $this->gensalt_private($random)); if (strlen($hash) == 34) return $hash; # Returning '*' on error is safe here, but would _not_ be safe # in a crypt(3)-like function used _both_ for generating new # hashes and for validating passwords against existing hashes. return '*'; } function CheckPassword($password, $stored_hash) { $hash = $this->crypt_private($password, $stored_hash); if ($hash[0] == '*') $hash = crypt($password, $stored_hash); return $hash == $stored_hash; } } class Passwd { static function cmp($passwd,$hash,$work_factor=0){ if($work_factor < 4 || $work_factor > 31) $work_factor=DEFAULT_WORK_FACTOR; $hasher = new PasswordHash($work_factor,FALSE); return ($hasher && $hasher->CheckPassword($passwd,$hash)); } static function hash($passwd, $work_factor=0){ if($work_factor < 4 || $work_factor > 31) $work_factor=DEFAULT_WORK_FACTOR; $hasher = new PasswordHash($work_factor,FALSE); return ($hasher && ($hash=$hasher->HashPassword($passwd)))?$hash:null; } } ?>var/softaculous/omekas/update_pass.php000064400000001035151030125450014176 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/peel/update_pass.php000064400000003534151030125630013652 0ustar00'.$resp.''; function __get_user_password_hash($password, $tested_hash = null, $password_given_as_first_password_hash = false, $password_length_if_given_as_first_password_hash = null) { if ($tested_hash == md5($password)) { return $tested_hash; } if (!$password_given_as_first_password_hash) { // Création d'un premier hash du mot de passe $first_password_hash = hash('sha256', 'k)I8#;z=TIxnXmIPdW2TRzt4Ov89|#V~cU@]'.$password); // set where salt will appear in hash $salt_start = strlen($password); } else { $first_password_hash = $password; $salt_start = $password_length_if_given_as_first_password_hash; } // if no salt given create random one if ($tested_hash == null) { $salt_hash = substr(hash('sha256', 'k)I8#;z=TIxnXmIPdW2TRzt4Ov89|#V~cU@]'. uniqid(mt_rand(), true)), 0, 6); } else { $salt_hash = substr($tested_hash, 0, 6); } // add salt into text hash at pass length position and hash it if ($salt_start > 0 && $salt_start < strlen($salt_hash)) { $first_password_hash_start = substr($first_password_hash, 0, $salt_start); $first_password_hash_end = substr($first_password_hash, $salt_start, strlen($salt_hash)); $hash_rough = hash('sha256' , 'k)I8#;z=TIxnXmIPdW2TRzt4Ov89|#V~cU@]'. $first_password_hash_end . $salt_hash . $first_password_hash_start); } elseif ($salt_start > (strlen($salt_hash) - 1)) { $hash_rough = hash('sha256', 'k)I8#;z=TIxnXmIPdW2TRzt4Ov89|#V~cU@]' . $first_password_hash . $salt_hash); } else { $hash_rough = hash('sha256', 'k)I8#;z=TIxnXmIPdW2TRzt4Ov89|#V~cU@]' . $salt_hash . $first_password_hash); } // put salt at front of hash $password_hash = $salt_hash . substr($hash_rough, 0, 26); if (empty($tested_hash) || $tested_hash == $password_hash) { return $password_hash; } } @unlink('update_pass.php'); ?>var/softaculous/presta8/update_pass.php000064400000000761151030151030014303 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); echo ''.$resp.''; ?>var/softaculous/uvdesk/update_pass.php000064400000001005151030160630014214 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); } $resp = password_hash('[[admin_pass]]', PASSWORD_BCRYPT, array('cost' => 13)); echo ''.$resp.''; ?>var/softaculous/shopware/update_pass.php000064400000001035151030162130014543 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/tcexam/update_pass.php000064400000000452151030162700014201 0ustar00'.$resp.''; var/softaculous/joomla30/update_pass.php000064400000000761151030163130014345 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); echo ''.$resp.''; ?>var/softaculous/ops/update_pass.php000064400000000761151030163600013524 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); echo ''.$resp.''; ?>var/softaculous/moodle41/update_pass.php000064400000001035151030164260014345 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/attendize/update_pass.php000064400000001035151030164740014713 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/joomla54/update_pass.php000064400000000761151030174570014365 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); echo ''.$resp.''; ?>var/softaculous/openb/update_pass.php000064400000001004151030220260014011 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); } $resp = password_hash('[[admin_pass]]', PASSWORD_BCRYPT, array('cost' => 8)); echo ''.$resp.''; ?>var/softaculous/freescout/update_pass.php000064400000001006151030222720014712 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if (!defined('PASSWORD_BCRYPT')) { define('PASSWORD_BCRYPT', 1); define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); } $resp = password_hash('[[admin_pass]]', PASSWORD_BCRYPT, array('cost' => 10)); echo ''.$resp.''; ?>var/softaculous/pimcore/update_pass.php000064400000000763151030224100014354 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if (!defined('PASSWORD_BCRYPT')) { define('PASSWORD_BCRYPT', 1); define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); } $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); echo ''.$resp.''; ?>var/softaculous/clicshop/update_pass.php000064400000000377151030237560014541 0ustar00'.$resp.''; ?>var/softaculous/moodle/update_pass.php000064400000006261151030240330014177 0ustar00 31) { $error[] = "password_hash(): Invalid bcrypt cost parameter specified: ".$cost; return null; } } $required_salt_len = 22; $hash_format = sprintf("$2y$%02d$", $cost); break; default: $error[] = "password_hash(): Unknown password hashing algorithm: ".$algo; return null; } if (isset($options['salt'])) { switch (gettype($options['salt'])) { case 'NULL': case 'boolean': case 'integer': case 'double': case 'string': $salt = (string) $options['salt']; break; case 'object': if (method_exists($options['salt'], '__tostring')) { $salt = (string) $options['salt']; break; } case 'array': case 'resource': default: $error[] = 'password_hash(): Non-string salt parameter supplied'; return null; } if (strlen($salt) < $required_salt_len) { $error[] = "password_hash(): Provided salt is too short: ".strlen($salt)." expecting ".$required_salt_len; return null; } elseif (0 == preg_match('#^[a-zA-Z0-9./]+$#D', $salt)) { $salt = str_replace('+', '.', base64_encode($salt)); } } else { $buffer = ''; $raw_length = (int) ($required_salt_len * 3 / 4 + 1); $buffer_valid = false; if (function_exists('mcrypt_create_iv')) { $buffer = mcrypt_create_iv($raw_length, MCRYPT_DEV_URANDOM); if ($buffer) { $buffer_valid = true; } } if (!$buffer_valid && function_exists('openssl_random_pseudo_bytes')) { $buffer = openssl_random_pseudo_bytes($raw_length); if ($buffer) { $buffer_valid = true; } } if (!$buffer_valid && file_exists('/dev/urandom')) { $f = @fopen('/dev/urandom', 'r'); if ($f) { $read = strlen($buffer); while ($read < $raw_length) { $buffer .= fread($f, $raw_length - $read); $read = strlen($buffer); } fclose($f); if ($read >= $raw_length) { $buffer_valid = true; } } } if (!$buffer_valid || strlen($buffer) < $raw_length) { $bl = strlen($buffer); for ($i = 0; $i < $raw_length; $i++) { if ($i < $bl) { $buffer[$i] = $buffer[$i] ^ chr(mt_rand(0, 255)); } else { $buffer .= chr(mt_rand(0, 255)); } } } $salt = str_replace('+', '.', base64_encode($buffer)); } $salt = substr($salt, 0, $required_salt_len); $hash = $hash_format . $salt; $ret = crypt($password, $hash); if (!is_string($ret) || strlen($ret) <= 13) { return false; } return $ret; } $resp = __password_hash('[[admin_pass]]', 1, array()); echo ''.$resp.''; // We do not need this file any more unlink('update_pass.php'); ?>var/softaculous/thelia/update_pass.php000064400000000762151030241210014164 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if (!defined('PASSWORD_DEFAULT')){ define('PASSWORD_BCRYPT', 1); define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); } $resp = password_hash('[[admin_pass]]', PASSWORD_BCRYPT); echo ''.$resp.''; ?>var/softaculous/owa/update_pass.php000064400000001047151030241340013505 0ustar00'.$resp.''; function __encryptOldPassword($password) { return md5(strtolower($password).strlen($password)); } function __encryptPassword($password) { // check function exists to support older PHP if ( function_exists('password_hash') ) { return password_hash( $password, PASSWORD_DEFAULT ); } else { return __encryptOldPassword($password); } } ?>var/softaculous/myt/update_pass.php000064400000010173151030245030013530 0ustar00'.$resp.''; function __hashPassword($password,$cost=13){ global $error; __checkBlowfish(); $salt=__generateSalt($cost); $hash=crypt($password,$salt); if(!is_string($hash) || (function_exists('mb_strlen') ? mb_strlen($hash, '8bit') : strlen($hash))<32) $error[] = 'Internal error while generating hash.'; return $hash; } function __checkBlowfish(){ global $error; if(!function_exists('crypt')){ $error[] = 'requires the PHP crypt() function. This system does not have it.'; } if(!defined('CRYPT_BLOWFISH') || !CRYPT_BLOWFISH){ $error[] = 'requires the Blowfish option of the PHP crypt() function. This system does not have it.'; } } function __generateSalt($cost=13){ global $error; if(($random=__generateRandomString(22,true))===false) if(($random=__generateRandomString(22,false))===false) $error[] = 'Unable to generate random string.'; return sprintf('$2y$%02d$',$cost).strtr($random,array('_'=>'.','~'=>'/')); } function __generateRandomString($length,$cryptographicallyStrong=true){ if(($randomBytes=__generateRandomBytes($length+2,$cryptographicallyStrong))!==false) return strtr(substr(base64_encode($randomBytes),0,$length),array('+'=>'_','/'=>'~')); return false; } function __generateRandomBytes($length,$cryptographicallyStrong=true){ $bytes=''; if(function_exists('openssl_random_pseudo_bytes')) { $bytes=openssl_random_pseudo_bytes($length,$strong); if(strlen($bytes)>=$length && ($strong || !$cryptographicallyStrong)) return substr($bytes,0,$length); } if(function_exists('mcrypt_create_iv') && ($bytes=mcrypt_create_iv($length, MCRYPT_DEV_URANDOM))!==false && strlen($bytes)>=$length) { return substr($bytes,0,$length); } if(($file=@fopen('/dev/urandom','rb'))!==false && ($bytes=@fread($file,$length))!==false && (fclose($file) || true) && strlen($bytes)>=$length) { return substr($bytes,0,$length); } $i=0; while(strlen($bytes)<$length && ($byte=__generateSessionRandomBlock())!==false && ++$i<3) { $bytes.=$byte; } if(strlen($bytes)>=$length) return substr($bytes,0,$length); if ($cryptographicallyStrong) return false; while(strlen($bytes)<$length) $bytes.=__generatePseudoRandomBlock(); return substr($bytes,0,$length); } function __generateSessionRandomBlock(){ ini_set('session.entropy_length',20); if(ini_get('session.entropy_length')!=20) return false; // These calls are (supposed to be, according to PHP manual) safe even if // there is already an active session for the calling script. @session_start(); @session_regenerate_id(); $bytes=session_id(); if(!$bytes) return false; // $bytes has 20 bytes of entropy but the session manager converts the binary // random bytes into something readable. We have to convert that back. // SHA-1 should do it without losing entropy. return sha1($bytes,true); } function __generatePseudoRandomBlock(){ $bytes=''; if (function_exists('openssl_random_pseudo_bytes') && ($bytes=openssl_random_pseudo_bytes(512))!==false && strlen($bytes)>=512) { return substr($bytes,0,512); } for($i=0;$i<32;++$i) $bytes.=pack('S',mt_rand(0,0xffff)); // On UNIX and UNIX-like operating systems the numerical values in `ps`, `uptime` and `iostat` // ought to be fairly unpredictable. Gather the non-zero digits from those. foreach(array('ps','uptime','iostat') as $command) { @exec($command,$commandResult,$retVal); if(is_array($commandResult) && !empty($commandResult) && $retVal==0) $bytes.=preg_replace('/[^1-9]/','',implode('',$commandResult)); } // Gather the current time's microsecond part. Note: this is only a source of entropy on // the first call! If multiple calls are made, the entropy is only as much as the // randomness in the time between calls. $bytes.=substr(microtime(),2,6); // Concatenate everything gathered, mix it with sha512. hash() is part of PHP core and // enabled by default but it can be disabled at compile time but we ignore that possibility here. return hash('sha512',$bytes,true); } @unlink('update_pass.php'); ?>var/softaculous/cszcms/update_pass.php000064400000001107151030245030014216 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $options = array('cost' => 12); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT, $options); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/moodle44/update_pass.php000064400000001035151030252600014344 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT); $resp1 = str_replace("\$", "\\\$", $resp); echo ''.$resp1.''; ?>var/softaculous/ossn/update_pass.php000064400000000774151030326110013706 0ustar00 * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors */ @unlink('update_pass.php'); if(!defined('PASSWORD_BCRYPT')){ define('PASSWORD_BCRYPT', 1); } define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); $resp = password_hash('[[admin_pass]]'.'[[salt]]', PASSWORD_DEFAULT); echo ''.$resp.''; ?>