[Summary view] [Print] [Text view]

   1  <?php
   2  /**
   3  *
   4  * This file is part of the phpBB Forum Software package.
   5  *
   6  * @copyright (c) phpBB Limited <https://www.phpbb.com>
   7  * @license GNU General Public License, version 2 (GPL-2.0)
   8  *
   9  * For full copyright and license information, please see
  10  * the docs/CREDITS.txt file.
  11  *
  12  */
  13  
  14  namespace phpbb\passwords\driver;
  15  
  16  class bcrypt extends base
  17  {
  18      const PREFIX = '$2a$';
  19  
  20      /**
  21      * {@inheritdoc}
  22      */
  23  	public function get_prefix()
  24      {
  25          return self::PREFIX;
  26      }
  27  
  28      /**
  29      * {@inheritdoc}
  30      */
  31  	public function hash($password, $salt = '')
  32      {
  33          // The 2x and 2y prefixes of bcrypt might not be supported
  34          // Revert to 2a if this is the case
  35          $prefix = (!$this->is_supported()) ? '$2a$' : $this->get_prefix();
  36  
  37          // Do not support 8-bit characters with $2a$ bcrypt
  38          // Also see http://www.php.net/security/crypt_blowfish.php
  39          if ($prefix === self::PREFIX)
  40          {
  41              if (ord($password[strlen($password)-1]) & 128)
  42              {
  43                  return false;
  44              }
  45          }
  46  
  47          if ($salt == '')
  48          {
  49              $salt = $prefix . '10$' . $this->get_random_salt();
  50          }
  51  
  52          $hash = crypt($password, $salt);
  53          if (strlen($hash) < 60)
  54          {
  55              return false;
  56          }
  57          return $hash;
  58      }
  59  
  60      /**
  61      * {@inheritdoc}
  62      */
  63  	public function check($password, $hash, $user_row = array())
  64      {
  65          $salt = substr($hash, 0, 29);
  66          if (strlen($salt) != 29)
  67          {
  68              return false;
  69          }
  70  
  71          if ($this->helper->string_compare($hash, $this->hash($password, $salt)))
  72          {
  73              return true;
  74          }
  75          return false;
  76      }
  77  
  78      /**
  79      * Get a random salt value with a length of 22 characters
  80      *
  81      * @return string Salt for password hashing
  82      */
  83  	protected function get_random_salt()
  84      {
  85          return $this->helper->hash_encode64($this->helper->get_random_salt(22), 22);
  86      }
  87  
  88      /**
  89      * {@inheritdoc}
  90      */
  91  	public function get_settings_only($hash, $full = false)
  92      {
  93          if ($full)
  94          {
  95              $pos = stripos($hash, '$', 1) + 1;
  96              $length = 22 + (strripos($hash, '$') + 1 - $pos);
  97          }
  98          else
  99          {
 100              $pos = strripos($hash, '$') + 1;
 101              $length = 22;
 102          }
 103          return substr($hash, $pos, $length);
 104      }
 105  }