From f1d29499859a060b8c59a9efbeada74958eee720 Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Mon, 7 Oct 2013 16:00:52 +0200
Subject: [PATCH] [feature/passwords] Move check for 8-bit characters to bcrypt driver
PHPBB3-11610
---
 phpBB/phpbb/passwords/driver/bcrypt.php | 10 ++++++++++
 phpBB/phpbb/passwords/manager.php | 10 ----------
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/phpBB/phpbb/passwords/driver/bcrypt.php b/phpBB/phpbb/passwords/driver/bcrypt.php
index 2f6cc1b381..e29379a36f 100644
--- a/phpBB/phpbb/passwords/driver/bcrypt.php
+++ b/phpBB/phpbb/passwords/driver/bcrypt.php
@@ -41,6 +41,16 @@ class bcrypt extends \phpbb\passwords\driver\base
 // Revert to 2a if this is the case
 $prefix = (!$this->is_supported()) ? '$2a$' : $this->get_prefix();
+ // Do not support 8-bit characters with $2a$ bcrypt
+ // Also see http://www.php.net/security/crypt_blowfish.php
+ if ($prefix === self::PREFIX)
+ {
+ if (ord($password[strlen($password)-1]) & 128)
+ {
+ return false;
+ }
+ }
+
 if ($salt == '')
 {
 $salt = $prefix . '10$' . $this->get_random_salt();
diff --git a/phpBB/phpbb/passwords/manager.php b/phpBB/phpbb/passwords/manager.php
index 6ec9eefaed..0b41d3a8c3 100644
--- a/phpBB/phpbb/passwords/manager.php
+++ b/phpBB/phpbb/passwords/manager.php
@@ -214,16 +214,6 @@ class manager
 return false;
 }
- // Do not support 8-bit characters with $2a$ bcrypt
- // Also see http://www.php.net/security/crypt_blowfish.php
- if ($type === 'passwords.driver.bcrypt' || ($type === 'passwords.driver.bcrypt_2y' && !$hashing_algorithm->is_supported()))
- {
- if (ord($password[strlen($password)-1]) & 128)
- {
- return false;
- }
- }
-
 return $hashing_algorithm->hash($password);
 }
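Review bot: The guard added to hash() in bcrypt.php inspects only the final byte, `ord($password[strlen($password)-1]) & 128`, while its comment says 8-bit characters are not supported with $2a$, so a password with a high-bit byte in any other position still reaches the $2a$ path. If the intent is to keep every such password away from that prefix, test the whole string, for example `if (preg_match('/[\x80-\xFF]/', $password))`. The same expression reads offset -1 when $password is empty, which raises an uninitialized-offset notice or warning depending on the PHP version, so an explicit `$password === ''` check belongs before it. Because the guard now lives in the driver, it presumably also runs when hash() is called with an existing $salt during verification; confirm that a `false` return is handled safely on that path. hash() starts and ends outside the hunk.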