From f8384b7302ca27aec0064f7d927a732e4e4552da Mon Sep 17 00:00:00 2001
From: Igor Wiedler
Date: Thu, 17 Mar 2011 23:59:38 +0100
Subject: [PATCH 1/2] [ticket/10101] Add support for native phpass hashes

phpass (the hashing library we use) adds a hash identifier to every hash. By default this identifier is '$P$'. For some reason we have changed it to '$H$'. This patch allows both of them to be used for authentication, so that a third party system could create users with '$P$' hashes.

PHPBB3-10101
---
 phpBB/includes/functions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 2fc7ca6903..d6330f6d85 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -516,7 +516,7 @@ function _hash_crypt_private($password, $setting, &$itoa64)
 $output = '*';
 // Check for correct hash
- if (substr($setting, 0, 3) != '$H$')
+ if (substr($setting, 0, 3) != '$H$' && substr($setting, 0, 3) != '$P$')
 {
 return $output;
 }

From 4c3cc152c81af57ec0a25bfee5da4964309a3aa5 Mon Sep 17 00:00:00 2001
From: Igor Wiedler
Date: Sun, 20 Mar 2011 22:52:31 +0100
Subject: [PATCH 2/2] [ticket/10101] Add test case for native phpass hashes

PHPBB3-10101
---
 tests/security/hash_test.php | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 tests/security/hash_test.php

diff --git a/tests/security/hash_test.php b/tests/security/hash_test.php
new file mode 100644
index 0000000000..19a3822145
--- /dev/null
+++ b/tests/security/hash_test.php
@@ -0,0 +1,21 @@
+assertTrue(phpbb_check_hash('test', '$H$9isfrtKXWqrz8PvztXlL3.daw4U0zI1'));
+ $this->assertTrue(phpbb_check_hash('test', '$P$9isfrtKXWqrz8PvztXlL3.daw4U0zI1'));
+ $this->assertFalse(phpbb_check_hash('foo', '$H$9isfrtKXWqrz8PvztXlL3.daw4U0zI1'));
+ }
+}
+
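Review bot: The identifier guard in `_hash_crypt_private` now calls `substr($setting, 0, 3)` twice and compares with loose `!=`. These literals cannot be type-juggled, so this is a style point, but the guard decides which stored values are treated as phpass hashes and reads better as a strict allow-list: `if (!in_array(substr($setting, 0, 3), array('$H$', '$P$'), true))`. The comment above it should name both accepted identifiers and why, e.g. `// Accept phpBB's '$H$' and the native phpass '$P$' identifier`. If any other code recognises a phpass hash by its '$H$' prefix (none is visible in this hunk), it would need the same treatment so that '$P$' hashes are handled consistently. The function body begins and continues outside the hunk.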
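Review bot: The new test in tests/security/hash_test.php never checks that a wrong password is rejected on the '$P$' path; only the '$H$' hash is tested with 'foo'. A regression that made '$P$' hashes verify for any password would therefore still pass. Adding `$this->assertFalse(phpbb_check_hash('foo', '$P$9isfrtKXWqrz8PvztXlL3.daw4U0zI1'));` closes that gap, and a case using a hash with an unrecognised identifier would pin the guard in `_hash_crypt_private`. Everything in the new file before the first assertion is missing from this page, so the class and method declarations were not reviewed.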