0x1949 Team - FAZEMRX - MANAGER
Edit File: bcrypt.php
<?php /** * * This file is part of the phpBB Forum Software package. * * @copyright (c) phpBB Limited <https://www.phpbb.com> * @license GNU General Public License, version 2 (GPL-2.0) * * For full copyright and license information, please see * the docs/CREDITS.txt file. * */ namespace phpbb\passwords\driver; class bcrypt extends base { const PREFIX = '$2a$'; /** @var int Hashing cost factor */ protected $cost_factor; /** * Constructor of passwords driver object * * @param \phpbb\config\config $config phpBB config * @param \phpbb\passwords\driver\helper $helper Password driver helper * @param int $cost_factor Hashing cost factor (optional) */ public function __construct(\phpbb\config\config $config, helper $helper, $cost_factor = 10) { parent::__construct($config, $helper); // Don't allow cost factor to be below default setting $this->cost_factor = max(10, $cost_factor); } /** * {@inheritdoc} */ public function get_prefix() { return self::PREFIX; } /** * {@inheritdoc} */ public function needs_rehash($hash) { preg_match('/^' . preg_quote($this->get_prefix()) . '([0-9]+)\$/', $hash, $matches); list(, $cost_factor) = $matches; return empty($cost_factor) || $this->cost_factor !== intval($cost_factor); } /** * {@inheritdoc} */ public function hash($password, $salt = '') { // The 2x and 2y prefixes of bcrypt might not be supported // Revert to 2a if this is the case $prefix = (!$this->is_supported()) ? '$2a$' : $this->get_prefix(); // Do not support 8-bit characters with $2a$ bcrypt // Also see http://www.php.net/security/crypt_blowfish.php if ($prefix === self::PREFIX) { if (ord($password[strlen($password)-1]) & 128) { return false; } } if ($salt == '') { $salt = $prefix . $this->cost_factor . '$' . $this->get_random_salt(); } $hash = crypt($password, $salt); if (strlen($hash) < 60) { return false; } return $hash; } /** * {@inheritdoc} */ public function check($password, $hash, $user_row = array()) { $salt = substr($hash, 0, 29); if (strlen($salt) != 29) { return false; } if ($this->helper->string_compare($hash, $this->hash($password, $salt))) { return true; } return false; } /** * Get a random salt value with a length of 22 characters * * @return string Salt for password hashing */ protected function get_random_salt() { return $this->helper->hash_encode64($this->helper->get_random_salt(22), 22); } /** * {@inheritdoc} */ public function get_settings_only($hash, $full = false) { if ($full) { $pos = stripos($hash, '$', 1) + 1; $length = 22 + (strripos($hash, '$') + 1 - $pos); } else { $pos = strripos($hash, '$') + 1; $length = 22; } return substr($hash, $pos, $length); } }