[feature/passwords] Add basic bcrypt drivers for $2a$ & $2y$ prefix
The $2a$ prefix is the basic implementation with the $2y$ prefix extending that class. However, the default hashes for phpBB should be generated with $2y$ unless the PHP version is older than 5.3.7. PHPBB3-11610
parent
31d2a8ef05
commit
78a8369173
2 changed files with 135 additions and 0 deletions
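--- a/phpBB/includes/crypto/driver/bcrypt.php
+++ b/phpBB/includes/crypto/driver/bcrypt.php
@@ -0,0 +1,87 @@
+<?php
+/**
+*
+* @package phpBB3
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+exit;
+}
+
+/**
+* @package crypto
+*/
+class phpbb_crypto_driver_bcrypt extends phpbb_crypto_driver_base
+{
+const PREFIX = '$2a$';
+
+/**
+* @inheritdoc
+*/
+public function get_prefix()
+{
+return self::PREFIX;
+}
+
+/**
+* @inheritdoc
+*/
+public function get_type()
+{
+return get_class($this);
+}
+
+/**
+* @inheritdoc
+*/
+public function hash($password, $salt = '')
+{
+// The 2x and 2y prefixes of bcrypt might not be supported
+// Revert to 2a if this is the case
+$prefix = (!$this->is_supported()) ? '$2a$' : self::PREFIX;
+
+if ($salt == '')
+{
+$salt = $prefix . '10$' . $this->get_random_salt();
+}
+
+$hash = crypt($password, $salt);
+return $hash;
+}
+
+/**
+* @inheritdoc
+*/
+public function check($password, $hash)
+{
+$salt = substr($hash, strpos($hash, '$', 4) + 1, 22);
+var_dump('bcrypt salt: ' . $salt . ' with length ' . strlen($salt));
+if (strlen($salt) != 22)
+{
+return false;
+}
+
+if ($hash == $this->hash($password, $salt))
+{
+return true;
+}
+return false;
+}
+
+/**
+* Get a random salt value with a length of 22 characters
+*
+* @return string Salt for password hashing
+*/
+protected function get_random_salt()
+{
+return substr(str_replace('+', '.', bin2hex(openssl_random_pseudo_bytes(22))), 0, 22);
+}
+}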
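Review bot: `check()` still contains a debug `var_dump()` that writes the extracted salt into the response, and its comparison cannot succeed as written: it passes the bare 22-character salt to `hash()`, which hands it to `crypt()` without the `$2a$10$` prefix and cost, so the result is not a bcrypt hash and the loose `==` will not match the stored one. Drop the `var_dump()`, let `crypt()` take its settings from the stored hash, and compare the two strings in constant time after a length check, as in the excerpt below. Separately, `hash()` uses `self::PREFIX`, which always resolves to `'$2a$'` in this class, so the `bcrypt_2y.php` driver that inherits `hash()` would still emit `$2a$` hashes; `$this->get_prefix()` would honour the override. `get_random_salt()` keeps only 22 hex characters (11 random bytes, 16 of the 64 salt symbols), its `str_replace('+', '.', …)` can never match hex output, and a `false` return from `openssl_random_pseudo_bytes()` is not handled.

```php
public function check($password, $hash)
{
	// … unchanged: salt extraction and 22-character length check (debug var_dump() removed) …

	// crypt() reads the prefix, cost and salt from the stored hash itself
	$computed = crypt($password, $hash);
	if (!is_string($computed) || strlen($computed) != strlen($hash))
	{
		return false;
	}

	// OR the byte differences together so timing does not depend on the first mismatch
	$diff = 0;
	for ($i = 0, $len = strlen($hash); $i < $len; $i++)
	{
		$diff |= ord($computed[$i]) ^ ord($hash[$i]);
	}

	return $diff === 0;
}
```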
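--- a/phpBB/includes/crypto/driver/bcrypt_2y.php
+++ b/phpBB/includes/crypto/driver/bcrypt_2y.php
@@ -0,0 +1,48 @@
+<?php
+/**
+*
+* @package phpBB3
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+exit;
+}
+
+/**
+* @package crypto
+*/
+class phpbb_crypto_driver_bcrypt_2y extends phpbb_crypto_driver_bcrypt
+{
+const PREFIX = '$2y$';
+
+/**
+* @inheritdoc
+*/
+public function get_prefix()
+{
+return self::PREFIX;
+}
+
+/**
+* @inheritdoc
+*/
+public function get_type()
+{
+return get_class($this);
+}
+
+/**
+* @inheritdoc
+*/
+public function is_supported()
+{
+return (version_compare(PHP_VERSION, '5.3.7', '<')) ? false : true;
+}
+}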
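Review bot: `is_supported()` carries only `@inheritdoc`, so the reason for the 5.3.7 cutoff is not recorded next to the check; a short comment such as `// The $2y$ prefix is only available from PHP 5.3.7 onwards` would tell a maintainer why older versions fall back to `$2a$`. The ternary is redundant as well and can be written as `return version_compare(PHP_VERSION, '5.3.7', '>=');`. `get_type()` repeats the parent's body exactly and could be left to inheritance, whereas `get_prefix()` does need the override because it reads `self::PREFIX`.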