Combined hashes can be used for i.e. converting already existing
password hashes to bcrypt. While this will not provide the same security
a pure bcrypt hash provides, it will still be significantly more secure
than a standard salted md5.
A combined hash will look as follows:
$H\2y${salted_for_H_prefix}${salt_+_settings_for_2y_prefix}${hash}
The prefixes are seperated by a backslash. Individual settings (which
can include either just the salt or a salt and possible additional settings)
are seperated by dollar signs. As backslashes and dollar signs are not
allowed in hashes or salts, they will be used for seperating the settings
from the salt.
Here is an example of a password hash:
$H\2a$9zv1uIaq1$10\1ff4640409fb96a449c1fO$/oN1O0cdUmFSMZT3UZKrgAyalhnt1LC
The 'H' prefix stands for the salted md5 implementation of phpBB 3.0.
Its settings will be parsed as 9zv1uIaq1 resulting in a hash for the check
as follows:
$H$9zv1uIaq1{hash}
Since the password is used for hashing, the {hash} can be left blank and
will basically be filled by the hashing algorithm. The {hash} will then be
used as password for the next hashing algorithm. In this case that would be
the bcrypt algorithm. The settings are set to 10\1ff4640409fb96a449c1fO which
will be transformed to 10$1ff4640409fb96a449c1fO resulting in a hash like
this for the bcrypt hashing function:
$2a$10$1ff4640409fb96a449c1fO{hash}
The {hash} will again be basically filled by the hashing algorithm.
Afterwards, the {hash} will be extracted from the returned hash and put at
the end of the already known hash settings:
$H\2a$9zv1uIaq1$10\1ff4640409fb96a449c1fO$
If the password is correct, the combined hash will of course be the same
as the stored one.
PHPBB3-11610
* rechosen/ticket/11792:
[ticket/11792] Add functional test for var lang_set_ext of core.user_setup
[ticket/11792] Add performance remark to core.user_setup event PHPDoc
[ticket/11792] Add variable 'lang_set_ext' to event core.user_setup
To prevent extension authors from loading all their translations globally, a
remark on this was added to the PHPDoc documentation of the core.user_setup
event.
PHPBB3-11792
To allow extensions to add global language strings just like mods can, add the
'lang_set_ext' variable to the core.user_setup event. It requires an ext_name
to be specified as well as a lang_set, and loads the specified lang_set in the
context of the extension.
PHPBB3-11792
Include forum_fn.js via INCLUDEJS
Move $SCRIPTS after footer event, allowing extensions to include scripts
Use correct template variable for including scripts
PHPBB3-11800
Even though the coding guidelines document prescribes "commas after every
array element", it contains several example code fragments with array elements
not terminated by a comma. This commit fixes that.
PHPBB3-11794
* develop-olympus:
[ticket/11775] Fix doc blocks syntax
[ticket/11775] Remove spaces at line ends
[ticket/11775] Split test into multiple steps
[ticket/11775] Add functional test for moving the last post
[ticket/11775] Backport moving of the posting functions to 3.0
[ticket/11775] Fix error when moving the last post to another topic
Conflicts:
tests/test_framework/phpbb_functional_test_case.php
* prep-release-3.0.12:
[ticket/11775] Fix doc blocks syntax
[ticket/11775] Remove spaces at line ends
[ticket/11775] Split test into multiple steps
[ticket/11775] Add functional test for moving the last post
[ticket/11775] Backport moving of the posting functions to 3.0
[ticket/11775] Fix error when moving the last post to another topic
To further mirror the file name and location requirements for php template
event listeners, require extension template event listener files to follow the
'<event name>_listener.html' naming format.
PHPBB3-11777
Per suggestion of EXreaction and nickvergessen, do not look for extension
template event listeners in styles/[style]/template/events/ but in
styles/[style]/template/event/ (without the trailing 's') to match the way
phpBB looks for php template event listeners.
PHPBB3-11777
Makes the twig template engine look in the events/ subdirectory instead of the
main styles/[style]/template/ directory for extension template events. Note
that it does _not_ look recursively!
PHPBB3-11777
* EXreaction/ticket/11701:
[ticket/11701] New line at EOF
[ticket/11701] Test events in loops
[ticket/11701] Refix regex for appending |length
[ticket/11701] Fix regex for appending |length
[ticket/11701] Fix loops var check
[ticket/11701] Remove useless str_replace
[ticket/11701] Loop variables are not passed correctly to events
# By Joas Schilling (16) and Igor Wiedler (6)
# Via Joas Schilling (5) and Igor Wiedler (2)
* nickvergessen/ticket/11574: (22 commits)
[ticket/11574] Remove install/udpate/new/ fallback from database_update.php
[ticket/11574] Do not display incompatible package note after successful update
[ticket/11574] Remove old "continue step"-message
[ticket/11574] Change order of files and database update
[ticket/11574] Fix more issues in the updater
[ticket/11574] Add trailing slash for consistency
[ticket/11574] Fix table prefix in database updater
[ticket/11574] Fix various path issues in the updater
[ticket/11574] Make install language filename less crazy
[ticket/11574] Use alternate DI config file for updater
[ticket/11574] Include normalizer so it loads form the correct directory
[ticket/11574] Only fall back to install/update versions, when IN_INSTALL ;)
[ticket/11574] Use log object instead of old function
[ticket/11574] Include vendor into update packages
[ticket/11574] Create phpbb_log object before using it.
[ticket/11574] Add correct language parameter to return links
[ticket/11574] Use request object rather then request_var function
[ticket/11574] Load new language files whenever possible
[ticket/11574] Require new files in install/index.php and add a class loader
[ticket/11574] Require new files in database_update.php and add a class loader
...
Example.org no longer serves blank responses, failing functional tests.
this patch creates a blank file and serve it locally during the test,
instead of hitting the http://example.org servers kindly provided by IANA.
PHPBB3-11761
