mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-08 07:27:17 +02:00
Code Issues Releases Wiki Activity

[feature/passwords] Add combined hashing method to helper

Browse Source 
This will allow to hash a previously hashed password with another hashing
method, i.e. as upgrade path from phpBB 3.0 to 3.1.

PHPBB3-11610
This commit is contained in:
Marc Alexander 2013-06-27 14:28:06 +02:00
parent c67f7dba60
commit dc76146cef
2 changed files with 40 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
phpBB/includes/crypto/helper.php
View File

@ -66,6 +66,41 @@ class phpbb_crypto_helper
return $output;
}
/**
* Create combined hash from already hashed password
*
* @param string $password_hash Complete current password hash
* @param string $type Type of the hashing algorithm the password hash
* should be combined with
* @return string|bool Combined password hash if combined hashing was
* successful, else false
*/
public function combined_hash_password($password_hash, $type)
{
$data = array(
'prefix' => '$',
'settings' => '$',
);
$hash_settings = $this->get_combined_hash_settings($password_hash);
$hash = $hash_settings[0];
// Put settings of current hash into data array
$stored_hash_type = $this->manager->get_hashing_algorithm($password_hash);
$this->combine_hash_output($data, 'prefix', $stored_hash_type->get_prefix());
$this->combine_hash_output($data, 'settings', $stored_hash_type->get_settings_only($password_hash));
// Hash current hash with the defined types
foreach ($type as $cur_type)
{
$new_hash_type = $this->container->get($cur_type);
$new_hash = $new_hash_type->hash(str_replace($stored_hash_type->get_settings_only($password_hash), '', $hash));
$this->combine_hash_output($data, 'prefix', $new_hash_type->get_prefix());
$this->combine_hash_output($data, 'settings', substr(str_replace('$', '\\', $new_hash_type->get_settings_only($new_hash, true)), 0));
$hash = str_replace($new_hash_type->get_settings_only($new_hash), '', $this->obtain_hash_only($new_hash));
}
return $this->combine_hash_output($data, 'hash', $hash);
}
/**
* Check combined password hash against the supplied password
*

5
phpBB/includes/crypto/manager.php
View File

@ -163,6 +163,11 @@ class phpbb_crypto_manager
{
$type = ($type === '') ? $this->type : $type;
if (is_array($type))
{
return $this->helper->combined_hash_password($password, $type);
}
$hashing_algorithm = $this->container->get($type);
// Do not support 8-bit characters with $2a$ bcrypt
if ($type === 'crypto.driver.bcrypt' || ($type === 'crypto.driver.bcrypt_2y' && !$hashing_algorithm->is_supported()))