1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
|
<?php
/**
*
* @package phpBB3
* @copyright (c) 2013 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
namespace phpbb\passwords\driver;
/**
* @package passwords
*/
class bcrypt extends base
{
const PREFIX = '$2a$';
/**
* @inheritdoc
*/
public function get_prefix()
{
return self::PREFIX;
}
/**
* @inheritdoc
*/
public function hash($password, $salt = '')
{
// Get prefix of this driver
$prefix = $this->get_prefix();
// Do not support 8-bit characters with $2a$ bcrypt
// Also see http://www.php.net/security/crypt_blowfish.php
if ($prefix === self::PREFIX)
{
if (ord($password[strlen($password)-1]) & 128)
{
return false;
}
}
if ($salt == '')
{
$salt = $prefix . '10$' . $this->get_random_salt();
}
$hash = crypt($password, $salt);
if (strlen($hash) < 60)
{
return false;
}
return $hash;
}
/**
* @inheritdoc
*/
public function check($password, $hash)
{
$salt = substr($hash, 0, 29);
if (strlen($salt) != 29)
{
return false;
}
if ($hash == $this->hash($password, $salt))
{
return true;
}
return false;
}
/**
* Get a random salt value with a length of 22 characters
*
* @return string Salt for password hashing
*/
protected function get_random_salt()
{
return $this->helper->hash_encode64($this->helper->get_random_salt(22), 22);
}
/**
* @inheritdoc
*/
public function get_settings_only($hash, $full = false)
{
if ($full)
{
$pos = stripos($hash, '$', 1) + 1;
$length = 22 + (strripos($hash, '$') + 1 - $pos);
}
else
{
$pos = strripos($hash, '$') + 1;
$length = 22;
}
return substr($hash, $pos, $length);
}
}
|
GitWeb