Verzeichnisstruktur phpBB-3.2.0
- Veröffentlicht
- 06.01.2017
So funktioniert es
|
|
Auf das letzte Element klicken. Dies geht jeweils ein Schritt zurück |
Auf das Icon klicken, dies öffnet das Verzeichnis. Nochmal klicken schließt das Verzeichnis. |
|
|
(Beispiel Datei-Icons)
|
Auf das Icon klicken um den Quellcode anzuzeigen |
bcrypt.php
001 <?php
002 /**
003 *
004 * This file is part of the phpBB Forum Software package.
005 *
006 * @copyright (c) phpBB Limited <https://www.phpbb.com>
007 * @license GNU General Public License, version 2 (GPL-2.0)
008 *
009 * For full copyright and license information, please see
010 * the docs/CREDITS.txt file.
011 *
012 */
013
014 namespace phpbb\passwords\driver;
015
016 class bcrypt extends base
017 {
018 const PREFIX = '$2a$';
019
020 /** @var int Hashing cost factor */
021 protected $cost_factor;
022
023 /**
024 * Constructor of passwords driver object
025 *
026 * @param \phpbb\config\config $config phpBB config
027 * @param \phpbb\passwords\driver\helper $helper Password driver helper
028 * @param int $cost_factor Hashing cost factor (optional)
029 */
030 public function __construct(\phpbb\config\config $config, helper $helper, $cost_factor = 10)
031 {
032 parent::__construct($config, $helper);
033
034 // Don't allow cost factor to be below default setting
035 $this->cost_factor = max(10, $cost_factor);
036 }
037
038 /**
039 * {@inheritdoc}
040 */
041 public function get_prefix()
042 {
043 return self::PREFIX;
044 }
045
046 /**
047 * {@inheritdoc}
048 */
049 public function needs_rehash($hash)
050 {
051 preg_match('/^' . preg_quote($this->get_prefix()) . '([0-9]+)\$/', $hash, $matches);
052
053 list(, $cost_factor) = $matches;
054
055 return empty($cost_factor) || $this->cost_factor !== intval($cost_factor);
056 }
057
058 /**
059 * {@inheritdoc}
060 */
061 public function hash($password, $salt = '')
062 {
063 // The 2x and 2y prefixes of bcrypt might not be supported
064 // Revert to 2a if this is the case
065 $prefix = (!$this->is_supported()) ? '$2a$' : $this->get_prefix();
066
067 // Do not support 8-bit characters with $2a$ bcrypt
068 // Also see http://www.php.net/security/crypt_blowfish.php
069 if ($prefix === self::PREFIX)
070 {
071 if (ord($password[strlen($password)-1]) & 128)
072 {
073 return false;
074 }
075 }
076
077 if ($salt == '')
078 {
079 $salt = $prefix . $this->cost_factor . '$' . $this->get_random_salt();
080 }
081
082 $hash = crypt($password, $salt);
083 if (strlen($hash) < 60)
084 {
085 return false;
086 }
087 return $hash;
088 }
089
090 /**
091 * {@inheritdoc}
092 */
093 public function check($password, $hash, $user_row = array())
094 {
095 $salt = substr($hash, 0, 29);
096 if (strlen($salt) != 29)
097 {
098 return false;
099 }
100
101 if ($this->helper->string_compare($hash, $this->hash($password, $salt)))
102 {
103 return true;
104 }
105 return false;
106 }
107
108 /**
109 * Get a random salt value with a length of 22 characters
110 *
111 * @return string Salt for password hashing
112 */
113 protected function get_random_salt()
114 {
115 return $this->helper->hash_encode64($this->helper->get_random_salt(22), 22);
116 }
117
118 /**
119 * {@inheritdoc}
120 */
121 public function get_settings_only($hash, $full = false)
122 {
123 if ($full)
124 {
125 $pos = stripos($hash, '$', 1) + 1;
126 $length = 22 + (strripos($hash, '$') + 1 - $pos);
127 }
128 else
129 {
130 $pos = strripos($hash, '$') + 1;
131 $length = 22;
132 }
133 return substr($hash, $pos, $length);
134 }
135 }
136