Linux vps-61133.fhnet.fr 4.9.0-19-amd64 #1 SMP Debian 4.9.320-2 (2022-06-30) x86_64
Apache/2.4.25 (Debian)
Server IP : 93.113.207.21 & Your IP : 216.73.216.35
Domains :
Cant Read [ /etc/named.conf ]
User : www-data
Terminal
Auto Root
Create File
Create Folder
Localroot Suggester
Backdoor Destroyer
Readme
/
usr /
src /
php-7.4.33 /
ext /
standard /
Delete
Unzip
Name
Size
Permission
Date
Action
.libs
[ DIR ]
drwxr-xr-x
2024-03-12 14:32
html_tables
[ DIR ]
drwxrwxr-x
2022-10-31 11:36
tests
[ DIR ]
drwxrwxr-x
2022-10-31 11:36
Makefile.frag
518
B
-rw-rw-r--
2022-10-31 11:36
Makefile.frag.w32
484
B
-rw-rw-r--
2022-10-31 11:36
array.c
180.31
KB
-rw-rw-r--
2022-10-31 11:36
array.lo
319
B
-rw-r--r--
2024-03-12 14:30
array.o
899.66
KB
-rw-r--r--
2024-03-12 14:30
assert.c
11.06
KB
-rw-rw-r--
2022-10-31 11:36
assert.lo
322
B
-rw-r--r--
2024-03-12 14:31
assert.o
160.11
KB
-rw-r--r--
2024-03-12 14:31
base64.c
30.69
KB
-rw-rw-r--
2022-10-31 11:36
base64.h
3.8
KB
-rw-rw-r--
2022-10-31 11:36
base64.lo
322
B
-rw-r--r--
2024-03-12 14:30
base64.o
87.38
KB
-rw-r--r--
2024-03-12 14:30
basic_functions.c
169.92
KB
-rw-rw-r--
2022-10-31 11:36
basic_functions.h
7.71
KB
-rw-rw-r--
2022-10-31 11:36
basic_functions.lo
349
B
-rw-r--r--
2024-03-12 14:30
basic_functions.o
928.72
KB
-rw-r--r--
2024-03-12 14:30
browscap.c
20.87
KB
-rw-rw-r--
2022-10-31 11:36
browscap.lo
328
B
-rw-r--r--
2024-03-12 14:30
browscap.o
144.24
KB
-rw-r--r--
2024-03-12 14:30
config.m4
12.06
KB
-rw-rw-r--
2022-10-31 11:36
config.w32
1.79
KB
-rw-rw-r--
2022-10-31 11:36
crc32.c
2.78
KB
-rw-rw-r--
2022-10-31 11:36
crc32.h
4.64
KB
-rw-rw-r--
2022-10-31 11:36
crc32.lo
319
B
-rw-r--r--
2024-03-12 14:30
crc32.o
78.52
KB
-rw-r--r--
2024-03-12 14:30
credits.c
5.86
KB
-rw-rw-r--
2022-10-31 11:36
credits.h
1.67
KB
-rw-rw-r--
2022-10-31 11:36
credits.lo
325
B
-rw-r--r--
2024-03-12 14:31
credits.o
112.09
KB
-rw-r--r--
2024-03-12 14:31
credits_ext.h
5.25
KB
-rw-rw-r--
2022-10-31 11:36
credits_sapi.h
835
B
-rw-rw-r--
2022-10-31 11:36
crypt.c
8.2
KB
-rw-rw-r--
2022-10-31 11:36
crypt.lo
319
B
-rw-r--r--
2024-03-12 14:30
crypt.o
94.56
KB
-rw-r--r--
2024-03-12 14:30
crypt_blowfish.c
31.67
KB
-rw-rw-r--
2022-10-31 11:36
crypt_blowfish.h
1.01
KB
-rw-rw-r--
2022-10-31 11:36
crypt_blowfish.lo
346
B
-rw-r--r--
2024-03-12 14:30
crypt_blowfish.o
70.52
KB
-rw-r--r--
2024-03-12 14:30
crypt_freesec.c
21.67
KB
-rw-rw-r--
2022-10-31 11:36
crypt_freesec.h
662
B
-rw-rw-r--
2022-10-31 11:36
crypt_freesec.lo
343
B
-rw-r--r--
2024-03-12 14:30
crypt_freesec.o
30.79
KB
-rw-r--r--
2024-03-12 14:30
crypt_sha256.c
21.56
KB
-rw-rw-r--
2022-10-31 11:36
crypt_sha256.lo
340
B
-rw-r--r--
2024-03-12 14:30
crypt_sha256.o
105.59
KB
-rw-r--r--
2024-03-12 14:30
crypt_sha512.c
26.21
KB
-rw-rw-r--
2022-10-31 11:36
crypt_sha512.lo
340
B
-rw-r--r--
2024-03-12 14:30
crypt_sha512.o
109.91
KB
-rw-r--r--
2024-03-12 14:30
css.c
2.39
KB
-rw-rw-r--
2022-10-31 11:36
css.h
1.19
KB
-rw-rw-r--
2022-10-31 11:36
css.lo
313
B
-rw-r--r--
2024-03-12 14:31
css.o
74.53
KB
-rw-r--r--
2024-03-12 14:31
cyr_convert.c
11.42
KB
-rw-rw-r--
2022-10-31 11:36
cyr_convert.h
1.22
KB
-rw-rw-r--
2022-10-31 11:36
cyr_convert.lo
337
B
-rw-r--r--
2024-03-12 14:30
cyr_convert.o
85.68
KB
-rw-r--r--
2024-03-12 14:30
datetime.c
3.48
KB
-rw-rw-r--
2022-10-31 11:36
datetime.h
1.34
KB
-rw-rw-r--
2022-10-31 11:36
datetime.lo
328
B
-rw-r--r--
2024-03-12 14:30
datetime.o
81.48
KB
-rw-r--r--
2024-03-12 14:30
dir.c
14.9
KB
-rw-rw-r--
2022-10-31 11:36
dir.lo
313
B
-rw-r--r--
2024-03-12 14:30
dir.o
147.7
KB
-rw-r--r--
2024-03-12 14:30
dl.c
8.11
KB
-rw-rw-r--
2022-10-31 11:36
dl.h
1.59
KB
-rw-rw-r--
2022-10-31 11:36
dl.lo
310
B
-rw-r--r--
2024-03-12 14:30
dl.o
106.3
KB
-rw-r--r--
2024-03-12 14:30
dns.c
28.95
KB
-rw-rw-r--
2022-10-31 11:36
dns.lo
313
B
-rw-r--r--
2024-03-12 14:30
dns.o
186.35
KB
-rw-r--r--
2024-03-12 14:30
dns_win32.c
15.22
KB
-rw-rw-r--
2022-10-31 11:36
exec.c
13.49
KB
-rw-rw-r--
2022-10-31 11:36
exec.h
1.68
KB
-rw-rw-r--
2022-10-31 11:36
exec.lo
316
B
-rw-r--r--
2024-03-12 14:30
exec.o
147.67
KB
-rw-r--r--
2024-03-12 14:30
file.c
68.02
KB
-rw-rw-r--
2022-10-31 11:36
file.h
4.63
KB
-rw-rw-r--
2022-10-31 11:36
file.lo
316
B
-rw-r--r--
2024-03-12 14:30
file.o
448.2
KB
-rw-r--r--
2024-03-12 14:30
filestat.c
30.34
KB
-rw-rw-r--
2022-10-31 11:36
filestat.lo
328
B
-rw-r--r--
2024-03-12 14:30
filestat.o
263.89
KB
-rw-r--r--
2024-03-12 14:30
filters.c
53.65
KB
-rw-rw-r--
2022-10-31 11:36
filters.lo
325
B
-rw-r--r--
2024-03-12 14:31
filters.o
190.89
KB
-rw-r--r--
2024-03-12 14:31
flock_compat.c
6.73
KB
-rw-rw-r--
2022-10-31 11:36
flock_compat.h
2.06
KB
-rw-rw-r--
2022-10-31 11:36
flock_compat.lo
340
B
-rw-r--r--
2024-03-12 14:30
flock_compat.o
69.09
KB
-rw-r--r--
2024-03-12 14:30
formatted_print.c
20.84
KB
-rw-rw-r--
2022-10-31 11:36
formatted_print.lo
349
B
-rw-r--r--
2024-03-12 14:30
formatted_print.o
180.03
KB
-rw-r--r--
2024-03-12 14:30
fsock.c
3.95
KB
-rw-rw-r--
2022-10-31 11:36
fsock.h
1.42
KB
-rw-rw-r--
2022-10-31 11:36
fsock.lo
319
B
-rw-r--r--
2024-03-12 14:30
fsock.o
89.59
KB
-rw-r--r--
2024-03-12 14:30
ftok.c
2.05
KB
-rw-rw-r--
2022-10-31 11:36
ftok.lo
316
B
-rw-r--r--
2024-03-12 14:31
ftok.o
78.41
KB
-rw-r--r--
2024-03-12 14:31
ftp_fopen_wrapper.c
31.75
KB
-rw-rw-r--
2022-10-31 11:36
ftp_fopen_wrapper.lo
355
B
-rw-r--r--
2024-03-12 14:31
ftp_fopen_wrapper.o
157.71
KB
-rw-r--r--
2024-03-12 14:31
head.c
12.54
KB
-rw-rw-r--
2022-10-31 11:36
head.h
1.85
KB
-rw-rw-r--
2022-10-31 11:36
head.lo
316
B
-rw-r--r--
2024-03-12 14:30
head.o
186.44
KB
-rw-r--r--
2024-03-12 14:30
hrtime.c
5.06
KB
-rw-rw-r--
2022-10-31 11:36
hrtime.h
2.48
KB
-rw-rw-r--
2022-10-31 11:36
hrtime.lo
322
B
-rw-r--r--
2024-03-12 14:32
hrtime.o
86.02
KB
-rw-r--r--
2024-03-12 14:32
html.c
47
KB
-rw-rw-r--
2022-10-31 11:36
html.h
2.62
KB
-rw-rw-r--
2022-10-31 11:36
html.lo
316
B
-rw-r--r--
2024-03-12 14:31
html.o
1.03
MB
-rw-r--r--
2024-03-12 14:31
html_tables.h
472.41
KB
-rw-rw-r--
2022-10-31 11:36
http.c
7.46
KB
-rw-rw-r--
2022-10-31 11:36
http.lo
316
B
-rw-r--r--
2024-03-12 14:32
http.o
118.94
KB
-rw-r--r--
2024-03-12 14:32
http_fopen_wrapper.c
32.52
KB
-rw-rw-r--
2022-10-31 11:36
http_fopen_wrapper.lo
358
B
-rw-r--r--
2024-03-12 14:31
http_fopen_wrapper.o
248.67
KB
-rw-r--r--
2024-03-12 14:31
image.c
42.17
KB
-rw-rw-r--
2022-10-31 11:36
image.lo
319
B
-rw-r--r--
2024-03-12 14:31
image.o
166.95
KB
-rw-r--r--
2024-03-12 14:31
incomplete_class.c
5.04
KB
-rw-rw-r--
2022-10-31 11:36
incomplete_class.lo
352
B
-rw-r--r--
2024-03-12 14:31
incomplete_class.o
85.84
KB
-rw-r--r--
2024-03-12 14:31
info.c
40.22
KB
-rw-rw-r--
2022-10-31 11:36
info.h
22.6
KB
-rw-rw-r--
2022-10-31 11:36
info.lo
316
B
-rw-r--r--
2024-03-12 14:31
info.o
249.2
KB
-rw-r--r--
2024-03-12 14:31
iptc.c
9.57
KB
-rw-rw-r--
2022-10-31 11:36
iptc.lo
316
B
-rw-r--r--
2024-03-12 14:31
iptc.o
106.11
KB
-rw-r--r--
2024-03-12 14:31
lcg.c
3
KB
-rw-rw-r--
2022-10-31 11:36
lcg.lo
313
B
-rw-r--r--
2024-03-12 14:31
lcg.o
75.09
KB
-rw-r--r--
2024-03-12 14:31
levenshtein.c
3.92
KB
-rw-rw-r--
2022-10-31 11:36
levenshtein.lo
337
B
-rw-r--r--
2024-03-12 14:31
levenshtein.o
76.74
KB
-rw-r--r--
2024-03-12 14:31
link.c
5.84
KB
-rw-rw-r--
2022-10-31 11:36
link.lo
316
B
-rw-r--r--
2024-03-12 14:31
link.o
101.48
KB
-rw-r--r--
2024-03-12 14:31
mail.c
17.34
KB
-rw-rw-r--
2022-10-31 11:36
mail.lo
316
B
-rw-r--r--
2024-03-12 14:31
mail.o
170.32
KB
-rw-r--r--
2024-03-12 14:31
math.c
30.06
KB
-rw-rw-r--
2022-10-31 11:36
math.lo
316
B
-rw-r--r--
2024-03-12 14:31
math.o
263.9
KB
-rw-r--r--
2024-03-12 14:31
md5.c
10.91
KB
-rw-rw-r--
2022-10-31 11:36
md5.h
2.1
KB
-rw-rw-r--
2022-10-31 11:36
md5.lo
313
B
-rw-r--r--
2024-03-12 14:31
md5.o
104.06
KB
-rw-r--r--
2024-03-12 14:31
metaphone.c
11.96
KB
-rw-rw-r--
2022-10-31 11:36
metaphone.lo
331
B
-rw-r--r--
2024-03-12 14:31
metaphone.o
170.27
KB
-rw-r--r--
2024-03-12 14:31
microtime.c
4.29
KB
-rw-rw-r--
2022-10-31 11:36
microtime.h
1.32
KB
-rw-rw-r--
2022-10-31 11:36
microtime.lo
331
B
-rw-r--r--
2024-03-12 14:31
microtime.o
87.61
KB
-rw-r--r--
2024-03-12 14:31
mt_rand.c
10.84
KB
-rw-rw-r--
2022-10-31 11:36
mt_rand.lo
325
B
-rw-r--r--
2024-03-12 14:31
mt_rand.o
94.95
KB
-rw-r--r--
2024-03-12 14:31
net.c
8.97
KB
-rw-rw-r--
2022-10-31 11:36
net.lo
313
B
-rw-r--r--
2024-03-12 14:32
net.o
85.18
KB
-rw-r--r--
2024-03-12 14:32
pack.c
31.5
KB
-rw-rw-r--
2022-10-31 11:36
pack.h
1.24
KB
-rw-rw-r--
2022-10-31 11:36
pack.lo
316
B
-rw-r--r--
2024-03-12 14:31
pack.o
149.25
KB
-rw-r--r--
2024-03-12 14:31
pageinfo.c
3.72
KB
-rw-rw-r--
2022-10-31 11:36
pageinfo.h
1.42
KB
-rw-rw-r--
2022-10-31 11:36
pageinfo.lo
328
B
-rw-r--r--
2024-03-12 14:31
pageinfo.o
84.04
KB
-rw-r--r--
2024-03-12 14:31
password.c
21.94
KB
-rw-rw-r--
2022-10-31 11:36
password.lo
328
B
-rw-r--r--
2024-03-12 14:32
password.o
142.6
KB
-rw-r--r--
2024-03-12 14:32
php_array.h
4.41
KB
-rw-rw-r--
2022-10-31 11:36
php_assert.h
1.38
KB
-rw-rw-r--
2022-10-31 11:36
php_browscap.h
1.28
KB
-rw-rw-r--
2022-10-31 11:36
php_crypt.h
1.54
KB
-rw-rw-r--
2022-10-31 11:36
php_crypt_r.c
10.76
KB
-rw-rw-r--
2022-10-31 11:36
php_crypt_r.h
1.99
KB
-rw-rw-r--
2022-10-31 11:36
php_crypt_r.lo
337
B
-rw-r--r--
2024-03-12 14:30
php_crypt_r.o
80.88
KB
-rw-r--r--
2024-03-12 14:30
php_dir.h
1.66
KB
-rw-rw-r--
2022-10-31 11:36
php_dns.h
2.96
KB
-rw-rw-r--
2022-10-31 11:36
php_ext_syslog.h
1.46
KB
-rw-rw-r--
2022-10-31 11:36
php_filestat.h
3.1
KB
-rw-rw-r--
2022-10-31 11:36
php_fopen_wrapper.c
11.6
KB
-rw-rw-r--
2022-10-31 11:36
php_fopen_wrapper.lo
355
B
-rw-r--r--
2024-03-12 14:31
php_fopen_wrapper.o
114.31
KB
-rw-r--r--
2024-03-12 14:31
php_fopen_wrappers.h
1.94
KB
-rw-rw-r--
2022-10-31 11:36
php_ftok.h
1.22
KB
-rw-rw-r--
2022-10-31 11:36
php_http.h
1.62
KB
-rw-rw-r--
2022-10-31 11:36
php_image.h
2.37
KB
-rw-rw-r--
2022-10-31 11:36
php_incomplete_class.h
2.24
KB
-rw-rw-r--
2022-10-31 11:36
php_iptc.h
1.23
KB
-rw-rw-r--
2022-10-31 11:36
php_lcg.h
1.48
KB
-rw-rw-r--
2022-10-31 11:36
php_link.h
1.33
KB
-rw-rw-r--
2022-10-31 11:36
php_mail.h
2.37
KB
-rw-rw-r--
2022-10-31 11:36
php_math.h
4.65
KB
-rw-rw-r--
2022-10-31 11:36
php_metaphone.h
1.2
KB
-rw-rw-r--
2022-10-31 11:36
php_mt_rand.h
1.96
KB
-rw-rw-r--
2022-10-31 11:36
php_net.h
1.32
KB
-rw-rw-r--
2022-10-31 11:36
php_password.h
3.07
KB
-rw-rw-r--
2022-10-31 11:36
php_rand.h
3.14
KB
-rw-rw-r--
2022-10-31 11:36
php_random.h
2.07
KB
-rw-rw-r--
2022-10-31 11:36
php_smart_string.h
1.28
KB
-rw-rw-r--
2022-10-31 11:36
php_smart_string_public.h
1.29
KB
-rw-rw-r--
2022-10-31 11:36
php_standard.h
2.24
KB
-rw-rw-r--
2022-10-31 11:36
php_string.h
5.94
KB
-rw-rw-r--
2022-10-31 11:36
php_type.h
1.62
KB
-rw-rw-r--
2022-10-31 11:36
php_uuencode.h
1.38
KB
-rw-rw-r--
2022-10-31 11:36
php_var.h
3.61
KB
-rw-rw-r--
2022-10-31 11:36
php_versioning.h
1.36
KB
-rw-rw-r--
2022-10-31 11:36
proc_open.c
31.34
KB
-rw-rw-r--
2022-10-31 11:36
proc_open.h
1.74
KB
-rw-rw-r--
2022-10-31 11:36
proc_open.lo
331
B
-rw-r--r--
2024-03-12 14:32
proc_open.o
159.39
KB
-rw-r--r--
2024-03-12 14:32
quot_print.c
7.29
KB
-rw-rw-r--
2022-10-31 11:36
quot_print.h
1.45
KB
-rw-rw-r--
2022-10-31 11:36
quot_print.lo
334
B
-rw-r--r--
2024-03-12 14:31
quot_print.o
90.55
KB
-rw-r--r--
2024-03-12 14:31
rand.c
2.41
KB
-rw-rw-r--
2022-10-31 11:36
rand.lo
316
B
-rw-r--r--
2024-03-12 14:31
rand.o
79.04
KB
-rw-r--r--
2024-03-12 14:31
random.c
7.49
KB
-rw-rw-r--
2022-10-31 11:36
random.lo
322
B
-rw-r--r--
2024-03-12 14:32
random.o
88.59
KB
-rw-r--r--
2024-03-12 14:32
scanf.c
28.81
KB
-rw-rw-r--
2022-10-31 11:36
scanf.h
2.24
KB
-rw-rw-r--
2022-10-31 11:36
scanf.lo
319
B
-rw-r--r--
2024-03-12 14:31
scanf.o
122.94
KB
-rw-r--r--
2024-03-12 14:31
sha1.c
11.44
KB
-rw-rw-r--
2022-10-31 11:36
sha1.h
1.69
KB
-rw-rw-r--
2022-10-31 11:36
sha1.lo
316
B
-rw-r--r--
2024-03-12 14:31
sha1.o
118.13
KB
-rw-r--r--
2024-03-12 14:31
soundex.c
3.16
KB
-rw-rw-r--
2022-10-31 11:36
soundex.lo
325
B
-rw-r--r--
2024-03-12 14:31
soundex.o
77.52
KB
-rw-r--r--
2024-03-12 14:31
streamsfuncs.c
46.41
KB
-rw-rw-r--
2022-10-31 11:36
streamsfuncs.h
2.73
KB
-rw-rw-r--
2022-10-31 11:36
streamsfuncs.lo
340
B
-rw-r--r--
2024-03-12 14:32
streamsfuncs.o
341.69
KB
-rw-r--r--
2024-03-12 14:32
string.c
154.56
KB
-rw-rw-r--
2022-10-31 11:36
string.lo
322
B
-rw-r--r--
2024-03-12 14:31
string.o
871.95
KB
-rw-r--r--
2024-03-12 14:31
strnatcmp.c
4.34
KB
-rw-rw-r--
2022-10-31 11:36
strnatcmp.lo
331
B
-rw-r--r--
2024-03-12 14:31
strnatcmp.o
71.72
KB
-rw-r--r--
2024-03-12 14:31
syslog.c
6.37
KB
-rw-rw-r--
2022-10-31 11:36
syslog.lo
322
B
-rw-r--r--
2024-03-12 14:31
syslog.o
96.32
KB
-rw-r--r--
2024-03-12 14:31
type.c
10.17
KB
-rw-rw-r--
2022-10-31 11:36
type.lo
316
B
-rw-r--r--
2024-03-12 14:31
type.o
130.52
KB
-rw-r--r--
2024-03-12 14:31
uniqid.c
2.65
KB
-rw-rw-r--
2022-10-31 11:36
uniqid.h
1.23
KB
-rw-rw-r--
2022-10-31 11:36
uniqid.lo
322
B
-rw-r--r--
2024-03-12 14:31
uniqid.o
81.45
KB
-rw-r--r--
2024-03-12 14:31
url.c
17.75
KB
-rw-rw-r--
2022-10-31 11:36
url.h
2.39
KB
-rw-rw-r--
2022-10-31 11:36
url.lo
313
B
-rw-r--r--
2024-03-12 14:31
url.o
157.62
KB
-rw-r--r--
2024-03-12 14:31
url_scanner_ex.c
39.41
KB
-rw-r--r--
2022-10-31 11:36
url_scanner_ex.h
2.44
KB
-rw-rw-r--
2022-10-31 11:36
url_scanner_ex.lo
346
B
-rw-r--r--
2024-03-12 14:31
url_scanner_ex.o
322.59
KB
-rw-r--r--
2024-03-12 14:31
url_scanner_ex.re
27.65
KB
-rw-rw-r--
2022-10-31 11:36
user_filters.c
17.55
KB
-rw-rw-r--
2022-10-31 11:36
user_filters.lo
340
B
-rw-r--r--
2024-03-12 14:31
user_filters.o
142.52
KB
-rw-r--r--
2024-03-12 14:31
uuencode.c
6.62
KB
-rw-rw-r--
2022-10-31 11:36
uuencode.lo
328
B
-rw-r--r--
2024-03-12 14:31
uuencode.o
85.96
KB
-rw-r--r--
2024-03-12 14:31
var.c
37.8
KB
-rw-rw-r--
2022-10-31 11:36
var.lo
313
B
-rw-r--r--
2024-03-12 14:31
var.o
399.8
KB
-rw-r--r--
2024-03-12 14:31
var_unserializer.c
38.52
KB
-rw-r--r--
2022-10-31 11:36
var_unserializer.lo
352
B
-rw-r--r--
2024-03-12 14:31
var_unserializer.o
244.13
KB
-rw-r--r--
2024-03-12 14:31
var_unserializer.re
30.81
KB
-rw-rw-r--
2022-10-31 11:36
versioning.c
5.76
KB
-rw-rw-r--
2022-10-31 11:36
versioning.lo
334
B
-rw-r--r--
2024-03-12 14:31
versioning.o
95.11
KB
-rw-r--r--
2024-03-12 14:31
winver.h
6.23
KB
-rw-rw-r--
2022-10-31 11:36
Save
Rename
/* +----------------------------------------------------------------------+ | PHP Version 7 | +----------------------------------------------------------------------+ | Copyright (c) The PHP Group | +----------------------------------------------------------------------+ | This source file is subject to version 3.01 of the PHP license, | | that is bundled with this package in the file LICENSE, and is | | available through the world-wide-web at the following url: | | http://www.php.net/license/3_01.txt | | If you did not receive a copy of the PHP license and are unable to | | obtain it through the world-wide-web, please send a note to | | license@php.net so we can mail you a copy immediately. | +----------------------------------------------------------------------+ | Authors: Anthony Ferrara <ircmaxell@php.net> | | Charles R. Portwood II <charlesportwoodii@erianna.com> | +----------------------------------------------------------------------+ */ #include <stdlib.h> #include "php.h" #include "fcntl.h" #include "php_password.h" #include "php_rand.h" #include "php_crypt.h" #include "base64.h" #include "zend_interfaces.h" #include "info.h" #include "php_random.h" #if HAVE_ARGON2LIB #include "argon2.h" #endif #ifdef PHP_WIN32 #include "win32/winutil.h" #endif static zend_array php_password_algos; int php_password_algo_register(const char *ident, const php_password_algo *algo) { zval zalgo; ZVAL_PTR(&zalgo, (php_password_algo*)algo); if (zend_hash_str_add(&php_password_algos, ident, strlen(ident), &zalgo)) { return SUCCESS; } return FAILURE; } void php_password_algo_unregister(const char *ident) { zend_hash_str_del(&php_password_algos, ident, strlen(ident)); } static int php_password_salt_is_alphabet(const char *str, const size_t len) /* {{{ */ { size_t i = 0; for (i = 0; i < len; i++) { if (!((str[i] >= 'A' && str[i] <= 'Z') || (str[i] >= 'a' && str[i] <= 'z') || (str[i] >= '0' && str[i] <= '9') || str[i] == '.' || str[i] == '/')) { return FAILURE; } } return SUCCESS; } /* }}} */ static int php_password_salt_to64(const char *str, const size_t str_len, const size_t out_len, char *ret) /* {{{ */ { size_t pos = 0; zend_string *buffer; if ((int) str_len < 0) { return FAILURE; } buffer = php_base64_encode((unsigned char*) str, str_len); if (ZSTR_LEN(buffer) < out_len) { /* Too short of an encoded string generated */ zend_string_release_ex(buffer, 0); return FAILURE; } for (pos = 0; pos < out_len; pos++) { if (ZSTR_VAL(buffer)[pos] == '+') { ret[pos] = '.'; } else if (ZSTR_VAL(buffer)[pos] == '=') { zend_string_free(buffer); return FAILURE; } else { ret[pos] = ZSTR_VAL(buffer)[pos]; } } zend_string_free(buffer); return SUCCESS; } /* }}} */ static zend_string* php_password_make_salt(size_t length) /* {{{ */ { zend_string *ret, *buffer; if (length > (INT_MAX / 3)) { php_error_docref(NULL, E_WARNING, "Length is too large to safely generate"); return NULL; } buffer = zend_string_alloc(length * 3 / 4 + 1, 0); if (FAILURE == php_random_bytes_silent(ZSTR_VAL(buffer), ZSTR_LEN(buffer))) { php_error_docref(NULL, E_WARNING, "Unable to generate salt"); zend_string_release_ex(buffer, 0); return NULL; } ret = zend_string_alloc(length, 0); if (php_password_salt_to64(ZSTR_VAL(buffer), ZSTR_LEN(buffer), length, ZSTR_VAL(ret)) == FAILURE) { php_error_docref(NULL, E_WARNING, "Generated salt too short"); zend_string_release_ex(buffer, 0); zend_string_release_ex(ret, 0); return NULL; } zend_string_release_ex(buffer, 0); ZSTR_VAL(ret)[length] = 0; return ret; } /* }}} */ static zend_string* php_password_get_salt(zval *unused_, size_t required_salt_len, HashTable *options) { zend_string *buffer; zval *option_buffer; if (!options || !(option_buffer = zend_hash_str_find(options, "salt", sizeof("salt") - 1))) { return php_password_make_salt(required_salt_len); } php_error_docref(NULL, E_DEPRECATED, "Use of the 'salt' option to password_hash is deprecated"); switch (Z_TYPE_P(option_buffer)) { case IS_STRING: buffer = zend_string_copy(Z_STR_P(option_buffer)); break; case IS_LONG: case IS_DOUBLE: case IS_OBJECT: buffer = zval_try_get_string(option_buffer); if (UNEXPECTED(!buffer)) { return NULL; } break; case IS_FALSE: case IS_TRUE: case IS_NULL: case IS_RESOURCE: case IS_ARRAY: default: php_error_docref(NULL, E_WARNING, "Non-string salt parameter supplied"); return NULL; } /* XXX all the crypt related APIs work with int for string length. That should be revised for size_t and then we maybe don't require the > INT_MAX check. */ if (ZEND_SIZE_T_INT_OVFL(ZSTR_LEN(buffer))) { php_error_docref(NULL, E_WARNING, "Supplied salt is too long"); zend_string_release_ex(buffer, 0); return NULL; } if (ZSTR_LEN(buffer) < required_salt_len) { php_error_docref(NULL, E_WARNING, "Provided salt is too short: %zd expecting %zd", ZSTR_LEN(buffer), required_salt_len); zend_string_release_ex(buffer, 0); return NULL; } if (php_password_salt_is_alphabet(ZSTR_VAL(buffer), ZSTR_LEN(buffer)) == FAILURE) { zend_string *salt = zend_string_alloc(required_salt_len, 0); if (php_password_salt_to64(ZSTR_VAL(buffer), ZSTR_LEN(buffer), required_salt_len, ZSTR_VAL(salt)) == FAILURE) { php_error_docref(NULL, E_WARNING, "Provided salt is too short: %zd", ZSTR_LEN(buffer)); zend_string_release_ex(salt, 0); zend_string_release_ex(buffer, 0); return NULL; } zend_string_release_ex(buffer, 0); return salt; } else { zend_string *salt = zend_string_alloc(required_salt_len, 0); memcpy(ZSTR_VAL(salt), ZSTR_VAL(buffer), required_salt_len); zend_string_release_ex(buffer, 0); return salt; } } /* bcrypt implementation */ static zend_bool php_password_bcrypt_valid(const zend_string *hash) { const char *h = ZSTR_VAL(hash); return (ZSTR_LEN(hash) == 60) && (h[0] == '$') && (h[1] == '2') && (h[2] == 'y'); } static int php_password_bcrypt_get_info(zval *return_value, const zend_string *hash) { zend_long cost = PHP_PASSWORD_BCRYPT_COST; if (!php_password_bcrypt_valid(hash)) { /* Should never get called this way. */ return FAILURE; } sscanf(ZSTR_VAL(hash), "$2y$" ZEND_LONG_FMT "$", &cost); add_assoc_long(return_value, "cost", cost); return SUCCESS; } static zend_bool php_password_bcrypt_needs_rehash(const zend_string *hash, zend_array *options) { zval *znew_cost; zend_long old_cost = PHP_PASSWORD_BCRYPT_COST; zend_long new_cost = PHP_PASSWORD_BCRYPT_COST; if (!php_password_bcrypt_valid(hash)) { /* Should never get called this way. */ return 1; } sscanf(ZSTR_VAL(hash), "$2y$" ZEND_LONG_FMT "$", &old_cost); if (options && (znew_cost = zend_hash_str_find(options, "cost", sizeof("cost")-1)) != NULL) { new_cost = zval_get_long(znew_cost); } return old_cost != new_cost; } static zend_bool php_password_bcrypt_verify(const zend_string *password, const zend_string *hash) { size_t i; int status = 0; zend_string *ret = php_crypt(ZSTR_VAL(password), (int)ZSTR_LEN(password), ZSTR_VAL(hash), (int)ZSTR_LEN(hash), 1); if (!ret) { return 0; } if (ZSTR_LEN(ret) != ZSTR_LEN(hash) || ZSTR_LEN(hash) < 13) { zend_string_free(ret); return 0; } /* We're using this method instead of == in order to provide * resistance towards timing attacks. This is a constant time * equality check that will always check every byte of both * values. */ for (i = 0; i < ZSTR_LEN(hash); i++) { status |= (ZSTR_VAL(ret)[i] ^ ZSTR_VAL(hash)[i]); } zend_string_free(ret); return status == 0; } static zend_string* php_password_bcrypt_hash(const zend_string *password, zend_array *options) { char hash_format[10]; size_t hash_format_len; zend_string *result, *hash, *salt; zval *zcost; zend_long cost = PHP_PASSWORD_BCRYPT_COST; if (options && (zcost = zend_hash_str_find(options, "cost", sizeof("cost")-1)) != NULL) { cost = zval_get_long(zcost); } if (cost < 4 || cost > 31) { php_error_docref(NULL, E_WARNING, "Invalid bcrypt cost parameter specified: " ZEND_LONG_FMT, cost); return NULL; } hash_format_len = snprintf(hash_format, sizeof(hash_format), "$2y$%02" ZEND_LONG_FMT_SPEC "$", cost); if (!(salt = php_password_get_salt(NULL, Z_UL(22), options))) { return NULL; } ZSTR_VAL(salt)[ZSTR_LEN(salt)] = 0; hash = zend_string_alloc(ZSTR_LEN(salt) + hash_format_len, 0); sprintf(ZSTR_VAL(hash), "%s%s", hash_format, ZSTR_VAL(salt)); ZSTR_VAL(hash)[hash_format_len + ZSTR_LEN(salt)] = 0; zend_string_release_ex(salt, 0); /* This cast is safe, since both values are defined here in code and cannot overflow */ result = php_crypt(ZSTR_VAL(password), (int)ZSTR_LEN(password), ZSTR_VAL(hash), (int)ZSTR_LEN(hash), 1); zend_string_release_ex(hash, 0); if (!result) { return NULL; } if (ZSTR_LEN(result) < 13) { zend_string_free(result); return NULL; } return result; } const php_password_algo php_password_algo_bcrypt = { "bcrypt", php_password_bcrypt_hash, php_password_bcrypt_verify, php_password_bcrypt_needs_rehash, php_password_bcrypt_get_info, php_password_bcrypt_valid, }; #if HAVE_ARGON2LIB /* argon2i/argon2id shared implementation */ static int extract_argon2_parameters(const zend_string *hash, zend_long *v, zend_long *memory_cost, zend_long *time_cost, zend_long *threads) /* {{{ */ { const char *p = ZSTR_VAL(hash); if (!hash || (ZSTR_LEN(hash) < sizeof("$argon2id$"))) { return FAILURE; } if (!memcmp(p, "$argon2i$", sizeof("$argon2i$") - 1)) { p += sizeof("$argon2i$") - 1; } else if (!memcmp(p, "$argon2id$", sizeof("$argon2id$") - 1)) { p += sizeof("$argon2id$") - 1; } else { return FAILURE; } sscanf(p, "v=" ZEND_LONG_FMT "$m=" ZEND_LONG_FMT ",t=" ZEND_LONG_FMT ",p=" ZEND_LONG_FMT, v, memory_cost, time_cost, threads); return SUCCESS; } /* }}} */ static int php_password_argon2_get_info(zval *return_value, const zend_string *hash) { zend_long v = 0; zend_long memory_cost = PHP_PASSWORD_ARGON2_MEMORY_COST; zend_long time_cost = PHP_PASSWORD_ARGON2_TIME_COST; zend_long threads = PHP_PASSWORD_ARGON2_THREADS; extract_argon2_parameters(hash, &v, &memory_cost, &time_cost, &threads); add_assoc_long(return_value, "memory_cost", memory_cost); add_assoc_long(return_value, "time_cost", time_cost); add_assoc_long(return_value, "threads", threads); return SUCCESS; } static zend_bool php_password_argon2_needs_rehash(const zend_string *hash, zend_array *options) { zend_long v = 0; zend_long new_memory_cost = PHP_PASSWORD_ARGON2_MEMORY_COST, memory_cost = 0; zend_long new_time_cost = PHP_PASSWORD_ARGON2_TIME_COST, time_cost = 0; zend_long new_threads = PHP_PASSWORD_ARGON2_THREADS, threads = 0; zval *option_buffer; if (options && (option_buffer = zend_hash_str_find(options, "memory_cost", sizeof("memory_cost")-1)) != NULL) { new_memory_cost = zval_get_long(option_buffer); } if (options && (option_buffer = zend_hash_str_find(options, "time_cost", sizeof("time_cost")-1)) != NULL) { new_time_cost = zval_get_long(option_buffer); } if (options && (option_buffer = zend_hash_str_find(options, "threads", sizeof("threads")-1)) != NULL) { new_threads = zval_get_long(option_buffer); } extract_argon2_parameters(hash, &v, &memory_cost, &time_cost, &threads); return (new_time_cost != time_cost) || (new_memory_cost != memory_cost) || (new_threads != threads); } static zend_string *php_password_argon2_hash(const zend_string *password, zend_array *options, argon2_type type) { zval *option_buffer; zend_string *salt, *out, *encoded; size_t time_cost = PHP_PASSWORD_ARGON2_TIME_COST; size_t memory_cost = PHP_PASSWORD_ARGON2_MEMORY_COST; size_t threads = PHP_PASSWORD_ARGON2_THREADS; size_t encoded_len; int status = 0; if (options && (option_buffer = zend_hash_str_find(options, "memory_cost", sizeof("memory_cost")-1)) != NULL) { memory_cost = zval_get_long(option_buffer); } if (memory_cost > ARGON2_MAX_MEMORY || memory_cost < ARGON2_MIN_MEMORY) { php_error_docref(NULL, E_WARNING, "Memory cost is outside of allowed memory range"); return NULL; } if (options && (option_buffer = zend_hash_str_find(options, "time_cost", sizeof("time_cost")-1)) != NULL) { time_cost = zval_get_long(option_buffer); } if (time_cost > ARGON2_MAX_TIME || time_cost < ARGON2_MIN_TIME) { php_error_docref(NULL, E_WARNING, "Time cost is outside of allowed time range"); return NULL; } if (options && (option_buffer = zend_hash_str_find(options, "threads", sizeof("threads")-1)) != NULL) { threads = zval_get_long(option_buffer); } if (threads > ARGON2_MAX_LANES || threads == 0) { php_error_docref(NULL, E_WARNING, "Invalid number of threads"); return NULL; } if (!(salt = php_password_get_salt(NULL, Z_UL(16), options))) { return NULL; } out = zend_string_alloc(32, 0); encoded_len = argon2_encodedlen( time_cost, memory_cost, threads, (uint32_t)ZSTR_LEN(salt), ZSTR_LEN(out), type ); encoded = zend_string_alloc(encoded_len - 1, 0); status = argon2_hash( time_cost, memory_cost, threads, ZSTR_VAL(password), ZSTR_LEN(password), ZSTR_VAL(salt), ZSTR_LEN(salt), ZSTR_VAL(out), ZSTR_LEN(out), ZSTR_VAL(encoded), encoded_len, type, ARGON2_VERSION_NUMBER ); zend_string_release_ex(out, 0); zend_string_release_ex(salt, 0); if (status != ARGON2_OK) { zend_string_efree(encoded); php_error_docref(NULL, E_WARNING, "%s", argon2_error_message(status)); return NULL; } ZSTR_VAL(encoded)[ZSTR_LEN(encoded)] = 0; return encoded; } /* argon2i specific methods */ static zend_bool php_password_argon2i_verify(const zend_string *password, const zend_string *hash) { return ARGON2_OK == argon2_verify(ZSTR_VAL(hash), ZSTR_VAL(password), ZSTR_LEN(password), Argon2_i); } static zend_string *php_password_argon2i_hash(const zend_string *password, zend_array *options) { return php_password_argon2_hash(password, options, Argon2_i); } const php_password_algo php_password_algo_argon2i = { "argon2i", php_password_argon2i_hash, php_password_argon2i_verify, php_password_argon2_needs_rehash, php_password_argon2_get_info, NULL, }; /* argon2id specific methods */ static zend_bool php_password_argon2id_verify(const zend_string *password, const zend_string *hash) { return ARGON2_OK == argon2_verify(ZSTR_VAL(hash), ZSTR_VAL(password), ZSTR_LEN(password), Argon2_id); } static zend_string *php_password_argon2id_hash(const zend_string *password, zend_array *options) { return php_password_argon2_hash(password, options, Argon2_id); } const php_password_algo php_password_algo_argon2id = { "argon2id", php_password_argon2id_hash, php_password_argon2id_verify, php_password_argon2_needs_rehash, php_password_argon2_get_info, NULL, }; #endif PHP_MINIT_FUNCTION(password) /* {{{ */ { zend_hash_init(&php_password_algos, 4, NULL, ZVAL_PTR_DTOR, 1); REGISTER_STRING_CONSTANT("PASSWORD_DEFAULT", "2y", CONST_CS | CONST_PERSISTENT); if (FAILURE == php_password_algo_register("2y", &php_password_algo_bcrypt)) { return FAILURE; } REGISTER_STRING_CONSTANT("PASSWORD_BCRYPT", "2y", CONST_CS | CONST_PERSISTENT); #if HAVE_ARGON2LIB if (FAILURE == php_password_algo_register("argon2i", &php_password_algo_argon2i)) { return FAILURE; } REGISTER_STRING_CONSTANT("PASSWORD_ARGON2I", "argon2i", CONST_CS | CONST_PERSISTENT); if (FAILURE == php_password_algo_register("argon2id", &php_password_algo_argon2id)) { return FAILURE; } REGISTER_STRING_CONSTANT("PASSWORD_ARGON2ID", "argon2id", CONST_CS | CONST_PERSISTENT); #endif REGISTER_LONG_CONSTANT("PASSWORD_BCRYPT_DEFAULT_COST", PHP_PASSWORD_BCRYPT_COST, CONST_CS | CONST_PERSISTENT); #if HAVE_ARGON2LIB REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_MEMORY_COST", PHP_PASSWORD_ARGON2_MEMORY_COST, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_TIME_COST", PHP_PASSWORD_ARGON2_TIME_COST, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_THREADS", PHP_PASSWORD_ARGON2_THREADS, CONST_CS | CONST_PERSISTENT); REGISTER_STRING_CONSTANT("PASSWORD_ARGON2_PROVIDER", "standard", CONST_CS | CONST_PERSISTENT); #endif return SUCCESS; } /* }}} */ PHP_MSHUTDOWN_FUNCTION(password) /* {{{ */ { #ifdef ZTS if (!tsrm_is_main_thread()) { return SUCCESS; } #endif zend_hash_destroy(&php_password_algos); return SUCCESS; } /* }}} */ const php_password_algo* php_password_algo_default() { return &php_password_algo_bcrypt; } const php_password_algo* php_password_algo_find(const zend_string *ident) { zval *tmp; if (!ident) { return NULL; } tmp = zend_hash_find(&php_password_algos, (zend_string*)ident); if (!tmp || (Z_TYPE_P(tmp) != IS_PTR)) { return NULL; } return Z_PTR_P(tmp); } static const php_password_algo* php_password_algo_find_zval_ex(zval *arg, const php_password_algo* default_algo) { if (!arg || (Z_TYPE_P(arg) == IS_NULL)) { return default_algo; } if (Z_TYPE_P(arg) == IS_LONG) { switch (Z_LVAL_P(arg)) { case 0: return default_algo; case 1: return &php_password_algo_bcrypt; #if HAVE_ARGON2LIB case 2: return &php_password_algo_argon2i; case 3: return &php_password_algo_argon2id; #else case 2: { zend_string *n = zend_string_init("argon2i", sizeof("argon2i")-1, 0); const php_password_algo* ret = php_password_algo_find(n); zend_string_release(n); return ret; } case 3: { zend_string *n = zend_string_init("argon2id", sizeof("argon2id")-1, 0); const php_password_algo* ret = php_password_algo_find(n); zend_string_release(n); return ret; } #endif } return NULL; } if (Z_TYPE_P(arg) != IS_STRING) { return NULL; } return php_password_algo_find(Z_STR_P(arg)); } static const php_password_algo* php_password_algo_find_zval(zval *arg) { return php_password_algo_find_zval_ex(arg, php_password_algo_default()); } zend_string *php_password_algo_extract_ident(const zend_string* hash) { const char *ident, *ident_end; if (!hash || ZSTR_LEN(hash) < 3) { /* Minimum prefix: "$x$" */ return NULL; } ident = ZSTR_VAL(hash) + 1; ident_end = strchr(ident, '$'); if (!ident_end) { /* No terminating '$' */ return NULL; } return zend_string_init(ident, ident_end - ident, 0); } const php_password_algo* php_password_algo_identify_ex(const zend_string* hash, const php_password_algo *default_algo) { const php_password_algo *algo; zend_string *ident = php_password_algo_extract_ident(hash); if (!ident) { return default_algo; } algo = php_password_algo_find(ident); zend_string_release(ident); return (!algo || (algo->valid && !algo->valid(hash))) ? default_algo : algo; } /* {{{ proto array password_get_info(string $hash) Retrieves information about a given hash */ PHP_FUNCTION(password_get_info) { const php_password_algo *algo; zend_string *hash, *ident; zval options; ZEND_PARSE_PARAMETERS_START(1, 1) Z_PARAM_STR(hash) ZEND_PARSE_PARAMETERS_END(); array_init(return_value); array_init(&options); ident = php_password_algo_extract_ident(hash); algo = php_password_algo_find(ident); if (!algo || (algo->valid && !algo->valid(hash))) { if (ident) { zend_string_release(ident); } add_assoc_null(return_value, "algo"); add_assoc_string(return_value, "algoName", "unknown"); add_assoc_zval(return_value, "options", &options); return; } add_assoc_str(return_value, "algo", php_password_algo_extract_ident(hash)); zend_string_release(ident); add_assoc_string(return_value, "algoName", algo->name); if (algo->get_info && (FAILURE == algo->get_info(&options, hash))) { zval_dtor(&options); zval_dtor(return_value); RETURN_NULL(); } add_assoc_zval(return_value, "options", &options); } /** }}} */ /* {{{ proto bool password_needs_rehash(string $hash, mixed $algo[, array $options]) Determines if a given hash requires re-hashing based upon parameters */ PHP_FUNCTION(password_needs_rehash) { const php_password_algo *old_algo, *new_algo; zend_string *hash; zval *znew_algo; zend_array *options = 0; ZEND_PARSE_PARAMETERS_START(2, 3) Z_PARAM_STR(hash) Z_PARAM_ZVAL(znew_algo) Z_PARAM_OPTIONAL Z_PARAM_ARRAY_OR_OBJECT_HT(options) ZEND_PARSE_PARAMETERS_END(); new_algo = php_password_algo_find_zval(znew_algo); if (!new_algo) { /* Unknown new algorithm, never prompt to rehash. */ RETURN_FALSE; } old_algo = php_password_algo_identify_ex(hash, NULL); if (old_algo != new_algo) { /* Different algorithm preferred, always rehash. */ RETURN_TRUE; } RETURN_BOOL(old_algo->needs_rehash(hash, options)); } /* }}} */ /* {{{ proto bool password_verify(string password, string hash) Verify a hash created using crypt() or password_hash() */ PHP_FUNCTION(password_verify) { zend_string *password, *hash; const php_password_algo *algo; ZEND_PARSE_PARAMETERS_START(2, 2) Z_PARAM_STR(password) Z_PARAM_STR(hash) ZEND_PARSE_PARAMETERS_END_EX(RETURN_FALSE); algo = php_password_algo_identify(hash); RETURN_BOOL(algo && (!algo->verify || algo->verify(password, hash))); } /* }}} */ /* {{{ proto string password_hash(string password, mixed algo[, array options = array()]) Hash a password */ PHP_FUNCTION(password_hash) { zend_string *password, *digest = NULL; zval *zalgo; const php_password_algo *algo; zend_array *options = NULL; ZEND_PARSE_PARAMETERS_START(2, 3) Z_PARAM_STR(password) Z_PARAM_ZVAL(zalgo) Z_PARAM_OPTIONAL Z_PARAM_ARRAY_OR_OBJECT_HT(options) ZEND_PARSE_PARAMETERS_END(); algo = php_password_algo_find_zval(zalgo); if (!algo) { zend_string *algostr = zval_get_string(zalgo); php_error_docref(NULL, E_WARNING, "Unknown password hashing algorithm: %s", ZSTR_VAL(algostr)); zend_string_release(algostr); RETURN_NULL(); } digest = algo->hash(password, options); if (!digest) { /* algo->hash should have raised an error. */ RETURN_NULL(); } RETURN_NEW_STR(digest); } /* }}} */ /* {{{ proto array password_algos() */ PHP_FUNCTION(password_algos) { zend_string *algo; ZEND_PARSE_PARAMETERS_NONE(); array_init(return_value); ZEND_HASH_FOREACH_STR_KEY(&php_password_algos, algo) { add_next_index_str(return_value, zend_string_copy(algo)); } ZEND_HASH_FOREACH_END(); } /* }}} */