mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-23 10:01:55 +02:00
Code Issues Releases Wiki Activity

[feature/passwords] Use passwords manager in phpBB hash functions

Browse Source 
PHPBB3-11610
This commit is contained in:
Marc Alexander
2013-10-02 15:33:17 +02:00
parent afb7d2e616
commit 3aba3235d5
1 changed files with 6 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
phpBB/includes/functions.php
View File

@@ -398,38 +398,10 @@ function still_on_time($extra_time = 15)
*/ */
function phpbb_hash($password) function phpbb_hash($password)
{ {
$itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; global $phpbb_container;
$random_state = unique_id(); $passwords_manager = $phpbb_container->get('passwords.manager');
$random = ''; return $passwords_manager->hash($password);
$count = 6;
if (($fh = @fopen('/dev/urandom', 'rb')))
{
$random = fread($fh, $count);
fclose($fh);
}
if (strlen($random) < $count)
{
$random = '';
for ($i = 0; $i < $count; $i += 16)
{
$random_state = md5(unique_id() . $random_state);
$random .= pack('H*', md5($random_state));
}
$random = substr($random, 0, $count);
}
$hash = _hash_crypt_private($password, _hash_gensalt_private($random, $itoa64), $itoa64);
if (strlen($hash) == 34)
{
return $hash;
}
return md5($password);
} }
/** /**
@@ -442,13 +414,10 @@ function phpbb_hash($password)
*/ */
function phpbb_check_hash($password, $hash) function phpbb_check_hash($password, $hash)
{ {
$itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; global $phpbb_container;
if (strlen($hash) == 34)
{
return (_hash_crypt_private($password, $hash, $itoa64) === $hash) ? true : false;
}
return (md5($password) === $hash) ? true : false; $passwords_manager = $phpbb_container->get('passwords.manager');
return $passwords_manager->check($password, $hash);
} }
/** /**