Exemplo n.º 1
 /**
  * Build the storable hash for $this->password.
  *
  * Six bytes of salt material are read from /dev/urandom; if that read comes
  * back short, the bytes are derived from uniqid()/md5() instead. The salt and
  * hash are produced by _hash_gensalt_private() and _hash_crypt_private(),
  * which are defined outside this method.
  *
  * Security notes:
  *  - The uniqid()/md5() path is time-derived rather than a CSPRNG, so salts
  *    produced there are guessable; they are still expected to differ per call.
  *  - When the portable hash is not 34 characters long, the method returns a
  *    bare md5() of the password: unsalted and fast to brute-force.
  *    NOTE(review): confirm whether that branch is reachable in practice and
  *    whether such values get re-hashed later.
  *
  * @return string
  */
 private function encryptPassword()
 {
     $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
     $needed = 6;
     $plain = $this->password;

     // Seed for the non-urandom path; taken up front, as before.
     $state = uniqid();

     $salt_bytes = '';
     $urandom = @fopen('/dev/urandom', 'rb');
     if ($urandom) {
         $salt_bytes = fread($urandom, $needed);
         fclose($urandom);
     }

     if (strlen($salt_bytes) < $needed) {
         // Each round appends 16 raw bytes, so a single round covers $needed = 6.
         $salt_bytes = '';
         $produced = 0;
         while ($produced < $needed) {
             $state = md5(uniqid() . $state);
             $salt_bytes .= pack('H*', md5($state));
             $produced += 16;
         }
         $salt_bytes = substr($salt_bytes, 0, $needed);
     }

     $salt = _hash_gensalt_private($salt_bytes, $itoa64);
     $hashed = _hash_crypt_private($plain, $salt, $itoa64);

     // Anything other than a 34-character result falls back to unsalted MD5.
     return (strlen($hashed) == 34) ? $hashed : md5($plain);
 }
Exemplo n.º 2
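/**
 * Check a plain-text password against a stored hash.
 *
 * A 34-character stored value is re-derived with _hash_crypt_private()
 * (defined elsewhere); a stored value of any other length is compared with a
 * bare md5() of the password.
 *
 * Security notes:
 *  - Digests are compared with hash_equals() when the runtime provides it, so
 *    the comparison time does not depend on how many leading characters match.
 *  - The md5() branch accepts unsalted MD5 digests. NOTE(review): confirm such
 *    rows are re-hashed after a successful login so this branch can be retired.
 *  - No upper bound is placed on the password length here, so an oversized
 *    password is still handed to the hashing routine.
 *
 * @param string $password The password in plain text
 * @param string $hash     The stored password hash
 *
 * @return bool Returns true if the password is correct, false if not.
 */
function phpbb_check_hash($password, $hash)
{
    // A non-string stored value can never equal a computed digest.
    if (!is_string($hash)) {
        return false;
    }

    $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

    if (strlen($hash) == 34) {
        $computed = _hash_crypt_private($password, $hash, $itoa64);
    } else {
        $computed = md5($password);
    }

    if (!is_string($computed)) {
        return false;
    }

    // hash_equals() exists from PHP 5.6; older runtimes keep the strict compare.
    if (function_exists('hash_equals')) {
        return hash_equals($hash, $computed);
    }

    return $computed === $hash;
}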
Exemplo n.º 3
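/**
 * Hash a password for storage.
 *
 * Six bytes of salt material are gathered and passed through
 * _hash_gensalt_private() and _hash_crypt_private(), both defined elsewhere.
 *
 * Salt sources, in order of preference:
 *  1. random_bytes(), when the runtime provides it;
 *  2. /dev/urandom;
 *  3. a uniqid()/md5() mix, as a last resort only. It is time-derived, not a
 *     CSPRNG, but keeps the salt from being empty.
 *
 * Without sources 1 and 3, a host that cannot open /dev/urandom would derive
 * every salt from an empty string.
 *
 * Security note: when the portable hash is not 34 characters long, a bare
 * md5() of the password is returned, which is unsalted and fast to brute-force.
 * NOTE(review): confirm whether that branch is reachable and how callers treat it.
 *
 * @param string $password The password in plain text
 *
 * @return string The password hash
 */
function phpbb_hash($password)
{
    $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $count = 6;
    $random = '';

    if (function_exists('random_bytes')) {
        try {
            $random = random_bytes($count);
        } catch (Exception $e) {
            // No usable system source; fall through to the next option.
            $random = '';
        }
    }

    if (strlen($random) < $count && ($fh = @fopen('/dev/urandom', 'rb'))) {
        $random = fread($fh, $count);
        fclose($fh);
    }

    if (!is_string($random) || strlen($random) < $count) {
        $random = '';
        $random_state = uniqid('', true);
        while (strlen($random) < $count) {
            $random_state = md5(uniqid('', true) . $random_state);
            $random .= pack('H*', md5($random_state));
        }
        $random = substr($random, 0, $count);
    }

    $hash = _hash_crypt_private($password, _hash_gensalt_private($random, $itoa64), $itoa64);
    if (strlen($hash) == 34) {
        return $hash;
    }

    // Legacy fallback kept for compatibility with the existing checker.
    return md5($password);
}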
Exemplo n.º 4
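 /**
  * Try and authenticate for our password compatibility scheme.
  *
  * Cookie logins compare the supplied hash with the stored m_pass_hash_salted
  * value. Other logins re-derive the hash from the raw password with
  * _hash_crypt_private() (loaded through require_code('forum/phpbb3')) and
  * compare that result with the stored value. $username and $userid are not
  * read by this method.
  *
  * Security notes:
  *  - Comparison is strict and uses hash_equals() when the runtime provides it.
  *    A loose != treats two numeric-looking strings (such as "0e123" and
  *    "0e456") as equal, which would accept a wrong value.
  *  - An empty or missing stored hash never authenticates.
  *  - In the cookie branch the stored hash is itself the accepted credential.
  *    NOTE(review): confirm how the cookie value is issued and protected.
  *
  * @param  ?SHORT_TEXT	The member username (NULL: don't use this in the authentication - but look it up using the ID if needed)
  * @param  ?MEMBER		The member id (NULL: use member name)
  * @param  MD5				The md5-hashed password
  * @param  string			The raw password
  * @param  boolean		Whether this is a cookie login
  * @param  array			Row of OCF account
  * @return ?tempcode		Error message (NULL: none)
  */
 function auth($username, $userid, $password_hashed, $password_raw, $cookie_login, $row)
 {
     $stored = isset($row['m_pass_hash_salted']) ? (string) $row['m_pass_hash_salted'] : '';
     if ($stored === '') {
         // Nothing to compare against; an empty candidate must not match it.
         return do_lang_tempcode('USER_BAD_PASSWORD');
     }

     if ($cookie_login) {
         $candidate = (string) $password_hashed;
     } else {
         require_code('forum/phpbb3');
         $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
         $candidate = (string) _hash_crypt_private($password_raw, $stored, $itoa64);
     }

     // hash_equals() exists from PHP 5.6; older runtimes keep a strict compare.
     if (function_exists('hash_equals')) {
         $matches = hash_equals($stored, $candidate);
     } else {
         $matches = ($stored === $candidate);
     }

     if (!$matches) {
         return do_lang_tempcode('USER_BAD_PASSWORD');
     }

     return null;
 }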
Exemplo n.º 5
 /**
  * The hashing algorithm of this forum driver. NOT used for cookie logins for this forum driver (cookies store a generated session ID).
  *
  * Despite the name, the body does not call md5() directly: it fetches the
  * stored user_password for the user whose username_clean equals the
  * lower-cased $key, then passes $data and that stored hash to
  * _hash_crypt_private() (defined elsewhere). An empty string is returned when
  * no row is found. $just_first is accepted but not read.
  *
  * NOTE(review): strtolower() is byte-wise; confirm it matches how
  * username_clean is normalised for non-ASCII usernames.
  *
  * @param  string			The data to hash (the password in actuality)
  * @param  string			The key used for the username_clean lookup (documented by the original as the string converted member-ID; for cookie logins, 'ys')
  * @param  boolean		Whether to just get the old style hash
  * @return string			The hashed data
  */
 function forum_md5($data, $key, $just_first = false)
 {
     $lookup = array('username_clean' => strtolower($key));
     $stored_hash = $GLOBALS['FORUM_DB']->query_value_null_ok('users', 'user_password', $lookup);

     // Unknown user: nothing to derive the salt from.
     if ($stored_hash === null) {
         return '';
     }

     $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

     return _hash_crypt_private($data, $stored_hash, $itoa64);
 }
Exemplo n.º 6
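/**
 * Check a plain-text password against a stored hash.
 *
 * Passwords longer than 4096 bytes are rejected before any hashing. A
 * 34-character stored value is re-derived with _hash_crypt_private() (defined
 * elsewhere); a stored value of any other length is compared with a bare
 * md5() of the password.
 *
 * Security notes:
 *  - Digests are compared with hash_equals() when the runtime provides it, so
 *    the comparison time does not depend on how many leading characters match.
 *  - The md5() branch accepts unsalted MD5 digests. NOTE(review): confirm such
 *    rows are re-hashed after a successful login so this branch can be retired.
 *
 * @param string $password The password in plain text
 * @param string $hash     The stored password hash
 *
 * @return bool Returns true if the password is correct, false if not.
 */
function phpbb_check_hash($password, $hash)
{
    if (strlen($password) > 4096) {
        // If the password is too huge, we will simply reject it
        // and not let the server try to hash it.
        return false;
    }

    // A non-string stored value can never equal a computed digest.
    if (!is_string($hash)) {
        return false;
    }

    $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

    if (strlen($hash) == 34) {
        $computed = _hash_crypt_private($password, $hash, $itoa64);
    } else {
        $computed = md5($password);
    }

    if (!is_string($computed)) {
        return false;
    }

    // hash_equals() exists from PHP 5.6; older runtimes keep the strict compare.
    if (function_exists('hash_equals')) {
        return hash_equals($hash, $computed);
    }

    return $computed === $hash;
}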