[ Index ]

PHP Cross Reference of phpBB-3.3.2-deutsch

title

Body

[close]

/phpbb/passwords/driver/ -> bcrypt.php (source)

   1  <?php
   2  /**
   3  *
   4  * This file is part of the phpBB Forum Software package.
   5  *
   6  * @copyright (c) phpBB Limited <https://www.phpbb.com>
   7  * @license GNU General Public License, version 2 (GPL-2.0)
   8  *
   9  * For full copyright and license information, please see
  10  * the docs/CREDITS.txt file.
  11  *
  12  */
  13  
  14  namespace phpbb\passwords\driver;
  15  
  16  class bcrypt extends base
  17  {
  18      const PREFIX = '$2a$';
  19  
  20      /** @var int Hashing cost factor */
  21      protected $cost_factor;
  22  
  23      /**
  24       * Constructor of passwords driver object
  25       *
  26       * @param \phpbb\config\config $config phpBB config
  27       * @param \phpbb\passwords\driver\helper $helper Password driver helper
  28       * @param int $cost_factor Hashing cost factor (optional)
  29       */
  30  	public function __construct(\phpbb\config\config $config, helper $helper, $cost_factor = 10)
  31      {
  32          parent::__construct($config, $helper);
  33  
  34          // Don't allow cost factor to be below default setting
  35          $this->cost_factor = max(10, $cost_factor);
  36      }
  37  
  38      /**
  39      * {@inheritdoc}
  40      */
  41  	public function get_prefix()
  42      {
  43          return self::PREFIX;
  44      }
  45  
  46      /**
  47       * {@inheritdoc}
  48       */
  49  	public function needs_rehash($hash)
  50      {
  51          preg_match('/^' . preg_quote($this->get_prefix()) . '([0-9]+)\$/', $hash, $matches);
  52  
  53          list(, $cost_factor) = $matches;
  54  
  55          return empty($cost_factor) || $this->cost_factor !== intval($cost_factor);
  56      }
  57  
  58      /**
  59      * {@inheritdoc}
  60      */
  61  	public function hash($password, $salt = '')
  62      {
  63          // The 2x and 2y prefixes of bcrypt might not be supported
  64          // Revert to 2a if this is the case
  65          $prefix = (!$this->is_supported()) ? '$2a$' : $this->get_prefix();
  66  
  67          // Do not support 8-bit characters with $2a$ bcrypt
  68          // Also see http://www.php.net/security/crypt_blowfish.php
  69          if ($prefix === self::PREFIX)
  70          {
  71              if (ord($password[strlen($password)-1]) & 128)
  72              {
  73                  return false;
  74              }
  75          }
  76  
  77          if ($salt == '')
  78          {
  79              $salt = $prefix . $this->cost_factor . '$' . $this->get_random_salt();
  80          }
  81  
  82          $hash = crypt($password, $salt);
  83          if (strlen($hash) < 60)
  84          {
  85              return false;
  86          }
  87          return $hash;
  88      }
  89  
  90      /**
  91      * {@inheritdoc}
  92      */
  93  	public function check($password, $hash, $user_row = array())
  94      {
  95          $salt = substr($hash, 0, 29);
  96          if (strlen($salt) != 29)
  97          {
  98              return false;
  99          }
 100  
 101          if ($this->helper->string_compare($hash, $this->hash($password, $salt)))
 102          {
 103              return true;
 104          }
 105          return false;
 106      }
 107  
 108      /**
 109      * Get a random salt value with a length of 22 characters
 110      *
 111      * @return string Salt for password hashing
 112      */
 113  	protected function get_random_salt()
 114      {
 115          return $this->helper->hash_encode64($this->helper->get_random_salt(22), 22);
 116      }
 117  
 118      /**
 119      * {@inheritdoc}
 120      */
 121  	public function get_settings_only($hash, $full = false)
 122      {
 123          if ($full)
 124          {
 125              $pos = stripos($hash, '$', 1) + 1;
 126              $length = 22 + (strripos($hash, '$') + 1 - $pos);
 127          }
 128          else
 129          {
 130              $pos = strripos($hash, '$') + 1;
 131              $length = 22;
 132          }
 133          return substr($hash, $pos, $length);
 134      }
 135  }


Generated: Wed Nov 11 20:28:18 2020 Cross-referenced by PHPXref 0.7.1