Merge pull request #1716 from marc1706/feature/passwords

[feature/passwords] Add password hashing manager with support for newer hashing algorithms

phpBB/includes/acp/acp_forums.php

@@ -926,7 +926,7 @@ class acp_forums
 	*/
 	function update_forum_data(&$forum_data)
 	{
-		global $db, $user, $cache, $phpbb_root_path, $phpbb_dispatcher;
+		global $db, $user, $cache, $phpbb_root_path, $phpbb_container, $phpbb_dispatcher;
 
 		$errors = array();
 
@@ -1030,7 +1030,10 @@ class acp_forums
 		}
 		else
 		{
-			$forum_data_sql['forum_password'] = phpbb_hash($forum_data_sql['forum_password']);
+			// Instantiate passwords manager
+			$passwords_manager = $phpbb_container->get('passwords.manager');
+
+			$forum_data_sql['forum_password'] = $passwords_manager->hash($forum_data_sql['forum_password']);
 		}
 		unset($forum_data_sql['forum_password_unset']);
 

phpBB/includes/acp/acp_users.php

@@ -824,9 +824,12 @@ class acp_users
 						$error[] = 'FORM_INVALID';
 					}
 
+					// Instantiate passwords manager
+					$passwords_manager = $phpbb_container->get('passwords.manager');
+
 					// Which updates do we need to do?
 					$update_username = ($user_row['username'] != $data['username']) ? $data['username'] : false;
-					$update_password = ($data['new_password'] && !phpbb_check_hash($data['new_password'], $user_row['user_password'])) ? true : false;
+					$update_password = $data['new_password'] && !$passwords_manager->check($data['new_password'], $user_row['user_password']);
 					$update_email = ($data['email'] != $user_row['user_email']) ? $data['email'] : false;
 
 					if (!sizeof($error))
@@ -910,7 +913,7 @@ class acp_users
 						if ($update_password)
 						{
 							$sql_ary += array(
-								'user_password'		=> phpbb_hash($data['new_password']),
+								'user_password'		=> $passwords_manager->hash($data['new_password']),
 								'user_passchg'		=> time(),
 								'user_pass_convert'	=> 0,
 							);