The $2a$ prefix is the basic implementation with the $2y$ prefix extending
that class. However, the default hashes for phpBB should be generated with
$2y$ unless the PHP version is older than 5.3.7.
PHPBB3-11610
Combined hashes can be used for i.e. converting already existing
password hashes to bcrypt. While this will not provide the same security
a pure bcrypt hash provides, it will still be significantly more secure
than a standard salted md5.
A combined hash will look as follows:
$H\2y${salted_for_H_prefix}${salt_+_settings_for_2y_prefix}${hash}
The prefixes are seperated by a backslash. Individual settings (which
can include either just the salt or a salt and possible additional settings)
are seperated by dollar signs. As backslashes and dollar signs are not
allowed in hashes or salts, they will be used for seperating the settings
from the salt.
Here is an example of a password hash:
$H\2a$9zv1uIaq1$10\1ff4640409fb96a449c1fO$/oN1O0cdUmFSMZT3UZKrgAyalhnt1LC
The 'H' prefix stands for the salted md5 implementation of phpBB 3.0.
Its settings will be parsed as 9zv1uIaq1 resulting in a hash for the check
as follows:
$H$9zv1uIaq1{hash}
Since the password is used for hashing, the {hash} can be left blank and
will basically be filled by the hashing algorithm. The {hash} will then be
used as password for the next hashing algorithm. In this case that would be
the bcrypt algorithm. The settings are set to 10\1ff4640409fb96a449c1fO which
will be transformed to 10$1ff4640409fb96a449c1fO resulting in a hash like
this for the bcrypt hashing function:
$2a$10$1ff4640409fb96a449c1fO{hash}
The {hash} will again be basically filled by the hashing algorithm.
Afterwards, the {hash} will be extracted from the returned hash and put at
the end of the already known hash settings:
$H\2a$9zv1uIaq1$10\1ff4640409fb96a449c1fO$
If the password is correct, the combined hash will of course be the same
as the stored one.
PHPBB3-11610
Use data-reset-on-edit attribute to reset other inputs
when editing input with data.
Do not unbind event (old code unbound it after one use for
no reason)
PHPBB3-11795
* remotes/upstream/develop-olympus:
[ticket/11831] getAttribute was replaced with attr
[ticket/11831] Update fabpot/goutte to 1.0.*
Conflicts:
phpBB/composer.lock
The file core.js sets up most of the AJAX and jQuery related framework for
phpBB. Due to this, it needs to be included before any other javascript file
in order to ensure that subsequent files can use the phpBB variables and
functions. Currently, it is however loaded with INCLUDEJS in overall_footer
which causes it to be loaded after every other javascript file except for the
style specific ajax.js. This causes every javascript file that is included
before core.js and is using the phpBB AJAX functions or variables to break.
PHPBB3-11809
Now symfony_request is also a service (removed the function
phpbb_create_symfony_request).
Inject symfony request into filesystem
Cleanup for the tests
PHPBB3-11832
# By Nathan Guse (22) and others
# Via Nathan Guse (10) and others
* 'develop' of github.com:phpbb/phpbb3: (39 commits)
[ticket/11843] Added newlines and included numbers in the DEFINE vars test
[ticket/11843] Add checking DEFINE variables with underscores to template_test
[ticket/11843] The twig lexer fixes DEFINE variables with underscores again
[ticket/11727] Fix indentation
[ticket/11727] Fix indentation
[ticket/11745] Correct language, coding guidelines
[ticket/11828] Fix greedy operators in lexer
[ticket/11833] Prevent Twig errors from invalid template loops using BEGINELSE
[ticket/11833] Fix bad template loop
[ticket/11816] !$DOESNT_EXIST test
[ticket/9550] Add the core.viewtopic_post_rowset_data event to viewtopic.php
[ticket/11829] Use report_closed to determine status in MCP report_details
[ticket/11816] Test !$DEFINITION
[ticket/11822] Use namespace lookup order for asset loading
[ticket/11727] Template loader support for safe directories to load files from
[ticket/11816] Fix define/loop checks in IF statements containing parenthesis
[ticket/11373] Use inheritdoc
[ticket/11637] generate_text_for_display on search.php
[ticket/11744] Cast to int
[ticket/11744] Inheritdoc
...
Per suggestion of nickvergessen, I added newlines in the DEFINE variables with
underscores test. Now if the test fails, it's easier to spot which part is
failing. Also added a test for DEFINE variables containing numbers.
PHPBB3-11843
To prevent the underscore in DEFINE variables from being forgotten again,
the template tests now test INCLUDEing a file based on the contents of a
DEFINE variable with underscores in it.
PHPBB3-11843
https://github.com/phpbb/phpbb3/pull/1708 accidentally stopped the twig lexer
from fixing DEFINE variables with underscores in them. This commit restores
that functionality.
PHPBB3-11843
# By Joseph Warner (188) and others
# Via Andreas Fischer (41) and others
* 'develop' of github.com:phpbb/phpbb3: (435 commits)
[ticket/11745] Correct language, coding guidelines
[ticket/11828] Fix greedy operators in lexer
[ticket/11835] Fix ucp_auth_link adding in migration
[prep-release-3.0.12] Remove changelog entry for ticket that was not resolved.
[ticket/develop/11832] Fix path detection
[ticket/11833] Prevent Twig errors from invalid template loops using BEGINELSE
[ticket/11833] Fix bad template loop
[feature/oauth] Fix tabindex
[ticket/11816] !$DOESNT_EXIST test
[ticket/9550] Add the core.viewtopic_post_rowset_data event to viewtopic.php
[ticket/11829] Use report_closed to determine status in MCP report_details
[ticket/11825] Move schema_data.php into includes/ instead of phpbb/
[ticket/11215] Remove unnecessary comment
[ticket/11755] MySQL upgrader out of date
[prep-release-3.0.12] Update Changelog for 3.0.12-RC3 release.
[prep-release-3.0.12] Bumping version number for 3.0.12-RC3.
[ticket/11823] Set up nginx server to match PHP files with characters after .php
[ticket/11812] Fix empty define
[ticket/11818] Update Symfony dependencies to 2.3.*
[feature/oauth] Fix bug on ucp_auth_link related to error display
...
