Code Coverage |
||||||||||
Classes and Traits |
Functions and Methods |
Lines |
||||||||
Total | |
100.00% |
1 / 1 |
|
100.00% |
7 / 7 |
CRAP | |
100.00% |
39 / 39 |
bcrypt | |
100.00% |
1 / 1 |
|
100.00% |
7 / 7 |
16 | |
100.00% |
39 / 39 |
__construct | |
100.00% |
1 / 1 |
1 | |
100.00% |
3 / 3 |
|||
get_prefix | |
100.00% |
1 / 1 |
1 | |
100.00% |
1 / 1 |
|||
needs_rehash | |
100.00% |
1 / 1 |
2 | |
100.00% |
3 / 3 |
|||
hash | |
100.00% |
1 / 1 |
6 | |
100.00% |
16 / 16 |
|||
check | |
100.00% |
1 / 1 |
3 | |
100.00% |
8 / 8 |
|||
get_random_salt | |
100.00% |
1 / 1 |
1 | |
100.00% |
1 / 1 |
|||
get_settings_only | |
100.00% |
1 / 1 |
2 | |
100.00% |
7 / 7 |
<?php | |
/** | |
* | |
* This file is part of the phpBB Forum Software package. | |
* | |
* @copyright (c) phpBB Limited <https://www.phpbb.com> | |
* @license GNU General Public License, version 2 (GPL-2.0) | |
* | |
* For full copyright and license information, please see | |
* the docs/CREDITS.txt file. | |
* | |
*/ | |
namespace phpbb\passwords\driver; | |
class bcrypt extends base | |
{ | |
const PREFIX = '$2a$'; | |
/** @var int Hashing cost factor */ | |
protected $cost_factor; | |
/** | |
* Constructor of passwords driver object | |
* | |
* @param \phpbb\config\config $config phpBB config | |
* @param \phpbb\passwords\driver\helper $helper Password driver helper | |
* @param int $cost_factor Hashing cost factor (optional) | |
*/ | |
public function __construct(\phpbb\config\config $config, helper $helper, $cost_factor = 10) | |
{ | |
parent::__construct($config, $helper); | |
// Don't allow cost factor to be below default setting | |
$this->cost_factor = max(10, $cost_factor); | |
} | |
/** | |
* {@inheritdoc} | |
*/ | |
public function get_prefix() | |
{ | |
return self::PREFIX; | |
} | |
/** | |
* {@inheritdoc} | |
*/ | |
public function needs_rehash($hash) | |
{ | |
preg_match('/^' . preg_quote($this->get_prefix()) . '([0-9]+)\$/', $hash, $matches); | |
list(, $cost_factor) = $matches; | |
return empty($cost_factor) || $this->cost_factor !== intval($cost_factor); | |
} | |
/** | |
* {@inheritdoc} | |
*/ | |
public function hash($password, $salt = '') | |
{ | |
// The 2x and 2y prefixes of bcrypt might not be supported | |
// Revert to 2a if this is the case | |
$prefix = (!$this->is_supported()) ? '$2a$' : $this->get_prefix(); | |
// Do not support 8-bit characters with $2a$ bcrypt | |
// Also see http://www.php.net/security/crypt_blowfish.php | |
if ($prefix === self::PREFIX) | |
{ | |
if (ord($password[strlen($password)-1]) & 128) | |
{ | |
return false; | |
} | |
} | |
if ($salt == '') | |
{ | |
$salt = $prefix . $this->cost_factor . '$' . $this->get_random_salt(); | |
} | |
$hash = crypt($password, $salt); | |
if (strlen($hash) < 60) | |
{ | |
return false; | |
} | |
return $hash; | |
} | |
/** | |
* {@inheritdoc} | |
*/ | |
public function check($password, $hash, $user_row = array()) | |
{ | |
$salt = substr($hash, 0, 29); | |
if (strlen($salt) != 29) | |
{ | |
return false; | |
} | |
if ($this->helper->string_compare($hash, $this->hash($password, $salt))) | |
{ | |
return true; | |
} | |
return false; | |
} | |
/** | |
* Get a random salt value with a length of 22 characters | |
* | |
* @return string Salt for password hashing | |
*/ | |
protected function get_random_salt() | |
{ | |
return $this->helper->hash_encode64($this->helper->get_random_salt(22), 22); | |
} | |
/** | |
* {@inheritdoc} | |
*/ | |
public function get_settings_only($hash, $full = false) | |
{ | |
if ($full) | |
{ | |
$pos = stripos($hash, '$', 1) + 1; | |
$length = 22 + (strripos($hash, '$') + 1 - $pos); | |
} | |
else | |
{ | |
$pos = strripos($hash, '$') + 1; | |
$length = 22; | |
} | |
return substr($hash, $pos, $length); | |
} | |
} |