Code Coverage for /data/phpBB/phpbb/passwords/driver/bcrypt.php

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	100.00% covered (success)	100.00%	29 / 29	100.00% covered (success)	100.00%	7 / 7	CRAP	100.00% covered (success)	100.00%	1 / 1
bcrypt	100.00% covered (success)	100.00%	29 / 29	100.00% covered (success)	100.00%	7 / 7	16	100.00% covered (success)	100.00%	1 / 1
__construct	100.00% covered (success)	100.00%	2 / 2	100.00% covered (success)	100.00%	1 / 1	1
get_prefix	100.00% covered (success)	100.00%	1 / 1	100.00% covered (success)	100.00%	1 / 1	1
needs_rehash	100.00% covered (success)	100.00%	3 / 3	100.00% covered (success)	100.00%	1 / 1	2
hash	100.00% covered (success)	100.00%	10 / 10	100.00% covered (success)	100.00%	1 / 1	6
check	100.00% covered (success)	100.00%	6 / 6	100.00% covered (success)	100.00%	1 / 1	3
get_random_salt	100.00% covered (success)	100.00%	1 / 1	100.00% covered (success)	100.00%	1 / 1	1
get_settings_only	100.00% covered (success)	100.00%	6 / 6	100.00% covered (success)	100.00%	1 / 1	2

1	<?php
2	/**
3	*
4	* This file is part of the phpBB Forum Software package.
5	*
6	* @copyright (c) phpBB Limited <https://www.phpbb.com>
7	* @license GNU General Public License, version 2 (GPL-2.0)
8	*
9	* For full copyright and license information, please see
10	* the docs/CREDITS.txt file.
11	*
12	*/
13
14	namespace phpbb\passwords\driver;
15
16	class bcrypt extends base
17	{
18	const PREFIX = '$2a$';
19
20	/** @var int Hashing cost factor */
21	protected $cost_factor;
22
23	/**
24	* Constructor of passwords driver object
25	*
26	* @param \phpbb\config\config $config phpBB config
27	* @param \phpbb\passwords\driver\helper $helper Password driver helper
28	* @param int $cost_factor Hashing cost factor (optional)
29	*/
30	public function __construct(\phpbb\config\config $config, helper $helper, $cost_factor = 10)
31	{
32	parent::__construct($config, $helper);
33
34	// Don't allow cost factor to be below default setting
35	$this->cost_factor = max(10, $cost_factor);
36	}
37
38	/**
39	* {@inheritdoc}
40	*/
41	public function get_prefix()
42	{
43	return self::PREFIX;
44	}
45
46	/**
47	* {@inheritdoc}
48	*/
49	public function needs_rehash($hash)
50	{
51	preg_match('/^' . preg_quote($this->get_prefix()) . '([0-9]+)\$/', $hash, $matches);
52
53	list(, $cost_factor) = $matches;
54
55	return empty($cost_factor) \|\| $this->cost_factor !== intval($cost_factor);
56	}
57
58	/**
59	* {@inheritdoc}
60	*/
61	public function hash($password, $salt = '')
62	{
63	// The 2x and 2y prefixes of bcrypt might not be supported
64	// Revert to 2a if this is the case
65	$prefix = (!$this->is_supported()) ? '$2a$' : $this->get_prefix();
66
67	// Do not support 8-bit characters with $2a$ bcrypt
68	// Also see http://www.php.net/security/crypt_blowfish.php
69	if ($prefix === self::PREFIX)
70	{
71	if (ord($password[strlen($password)-1]) & 128)
72	{
73	return false;
74	}
75	}
76
77	if ($salt == '')
78	{
79	$salt = $prefix . $this->cost_factor . '$' . $this->get_random_salt();
80	}
81
82	$hash = crypt($password, $salt);
83	if (strlen($hash) < 60)
84	{
85	return false;
86	}
87	return $hash;
88	}
89
90	/**
91	* {@inheritdoc}
92	*/
93	public function check($password, $hash, $user_row = array())
94	{
95	$salt = substr($hash, 0, 29);
96	if (strlen($salt) != 29)
97	{
98	return false;
99	}
100
101	if ($this->helper->string_compare($hash, $this->hash($password, $salt)))
102	{
103	return true;
104	}
105	return false;
106	}
107
108	/**
109	* Get a random salt value with a length of 22 characters
110	*
111	* @return string Salt for password hashing
112	*/
113	protected function get_random_salt()
114	{
115	return $this->helper->hash_encode64($this->helper->get_random_salt(22), 22);
116	}
117
118	/**
119	* {@inheritdoc}
120	*/
121	public function get_settings_only($hash, $full = false)
122	{
123	if ($full)
124	{
125	$pos = stripos($hash, '$', 1) + 1;
126	$length = 22 + (strripos($hash, '$') + 1 - $pos);
127	}
128	else
129	{
130	$pos = strripos($hash, '$') + 1;
131	$length = 22;
132	}
133	return substr($hash, $pos, $length);
134	}
135	}