| [ Index ] |
PHP Cross Reference of phpBB-3.3.14-deutsch |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * 4 * This file is part of the phpBB Forum Software package. 5 * 6 * @copyright (c) phpBB Limited <https://www.phpbb.com> 7 * @license GNU General Public License, version 2 (GPL-2.0) 8 * 9 * For full copyright and license information, please see 10 * the docs/CREDITS.txt file. 11 * 12 */ 13 14 namespace phpbb\passwords\driver; 15 16 class bcrypt extends base 17 { 18 const PREFIX = '$2a$'; 19 20 /** @var int Hashing cost factor */ 21 protected $cost_factor; 22 23 /** 24 * Constructor of passwords driver object 25 * 26 * @param \phpbb\config\config $config phpBB config 27 * @param \phpbb\passwords\driver\helper $helper Password driver helper 28 * @param int $cost_factor Hashing cost factor (optional) 29 */ 30 public function __construct(\phpbb\config\config $config, helper $helper, $cost_factor = 10) 31 { 32 parent::__construct($config, $helper); 33 34 // Don't allow cost factor to be below default setting 35 $this->cost_factor = max(10, $cost_factor); 36 } 37 38 /** 39 * {@inheritdoc} 40 */ 41 public function get_prefix() 42 { 43 return self::PREFIX; 44 } 45 46 /** 47 * {@inheritdoc} 48 */ 49 public function needs_rehash($hash) 50 { 51 preg_match('/^' . preg_quote($this->get_prefix()) . '([0-9]+)\$/', $hash, $matches); 52 53 list(, $cost_factor) = $matches; 54 55 return empty($cost_factor) || $this->cost_factor !== intval($cost_factor); 56 } 57 58 /** 59 * {@inheritdoc} 60 */ 61 public function hash($password, $salt = '') 62 { 63 // The 2x and 2y prefixes of bcrypt might not be supported 64 // Revert to 2a if this is the case 65 $prefix = (!$this->is_supported()) ? '$2a$' : $this->get_prefix(); 66 67 // Do not support 8-bit characters with $2a$ bcrypt 68 // Also see http://www.php.net/security/crypt_blowfish.php 69 if ($prefix === self::PREFIX) 70 { 71 if (ord($password[strlen($password)-1]) & 128) 72 { 73 return false; 74 } 75 } 76 77 if ($salt == '') 78 { 79 $salt = $prefix . $this->cost_factor . '$' . $this->get_random_salt(); 80 } 81 82 $hash = crypt($password, $salt); 83 if (strlen($hash) < 60) 84 { 85 return false; 86 } 87 return $hash; 88 } 89 90 /** 91 * {@inheritdoc} 92 */ 93 public function check($password, $hash, $user_row = array()) 94 { 95 $salt = substr($hash, 0, 29); 96 if (strlen($salt) != 29) 97 { 98 return false; 99 } 100 101 if ($this->helper->string_compare($hash, $this->hash($password, $salt))) 102 { 103 return true; 104 } 105 return false; 106 } 107 108 /** 109 * Get a random salt value with a length of 22 characters 110 * 111 * @return string Salt for password hashing 112 */ 113 protected function get_random_salt() 114 { 115 return $this->helper->hash_encode64($this->helper->get_random_salt(22), 22); 116 } 117 118 /** 119 * {@inheritdoc} 120 */ 121 public function get_settings_only($hash, $full = false) 122 { 123 if ($full) 124 { 125 $pos = stripos($hash, '$', 1) + 1; 126 $length = 22 + (strripos($hash, '$') + 1 - $pos); 127 } 128 else 129 { 130 $pos = strripos($hash, '$') + 1; 131 $length = 22; 132 } 133 return substr($hash, $pos, $length); 134 } 135 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Mon Nov 25 19:05:08 2024 | Cross-referenced by PHPXref 0.7.1 |