Merge pull request #4960 from rxu/ticket/15367

[ticket/15367] Escape special characters in Sphinx search backend
author: Oliver Schramm <oliver.schramm97@gmail.com> 2017-10-05 14:54:47 +0200
committer: Oliver Schramm <oliver.schramm97@gmail.com> 2017-10-05 14:54:47 +0200
commit: 5514b1069968d451adb7eaf89278a6e1e5dc20df (patch)
tree: 245b21642c134c4509e46fab60d130065e123624 /phpBB/phpbb/passwords/driver/bcrypt.php
parent: 93621aa1844ab48d9bae068d9872d2c49ae86de4 (diff)
parent: ca5678cc1c2a1f723d39127e0c066eba6c9a3336 (diff)
download: forums-5514b1069968d451adb7eaf89278a6e1e5dc20df.tar
forums-5514b1069968d451adb7eaf89278a6e1e5dc20df.tar.gz
forums-5514b1069968d451adb7eaf89278a6e1e5dc20df.tar.bz2
forums-5514b1069968d451adb7eaf89278a6e1e5dc20df.tar.xz
forums-5514b1069968d451adb7eaf89278a6e1e5dc20df.zip
1 files changed, 31 insertions, 1 deletions
diff --git a/phpBB/phpbb/passwords/driver/bcrypt.php b/phpBB/phpbb/passwords/driver/bcrypt.php
index eab1c3d569..eb1aeeeb76 100644
--- a/phpBB/phpbb/passwords/driver/bcrypt.php
+++ b/phpBB/phpbb/passwords/driver/bcrypt.php
@@ -17,6 +17,24 @@ class bcrypt extends base
 {
 	const PREFIX = '$2a$';
 
+	/** @var int Hashing cost factor */
+	protected $cost_factor;
+
+	/**
+	 * Constructor of passwords driver object
+	 *
+	 * @param \phpbb\config\config $config phpBB config
+	 * @param \phpbb\passwords\driver\helper $helper Password driver helper
+	 * @param int $cost_factor Hashing cost factor (optional)
+	 */
+	public function __construct(\phpbb\config\config $config, helper $helper, $cost_factor = 10)
+	{
+		parent::__construct($config, $helper);
+
+		// Don't allow cost factor to be below default setting
+		$this->cost_factor = max(10, $cost_factor);
+	}
+
 	/**
 	* {@inheritdoc}
 	*/
@@ -26,6 +44,18 @@ class bcrypt extends base
 	}
 
 	/**
+	 * {@inheritdoc}
+	 */
+	public function needs_rehash($hash)
+	{
+		preg_match('/^' . preg_quote($this->get_prefix()) . '([0-9]+)\$/', $hash, $matches);
+
+		list(, $cost_factor) = $matches;
+
+		return empty($cost_factor) || $this->cost_factor !== intval($cost_factor);
+	}
+
+	/**
 	* {@inheritdoc}
 	*/
 	public function hash($password, $salt = '')
@@ -46,7 +76,7 @@ class bcrypt extends base
 
 		if ($salt == '')
 		{
-			$salt = $prefix . '10$' . $this->get_random_salt();
+			$salt = $prefix . $this->cost_factor . '$' . $this->get_random_salt();
 		}
 
 		$hash = crypt($password, $salt);
author	Oliver Schramm <oliver.schramm97@gmail.com>	2017-10-05 14:54:47 +0200
committer	Oliver Schramm <oliver.schramm97@gmail.com>	2017-10-05 14:54:47 +0200
commit	5514b1069968d451adb7eaf89278a6e1e5dc20df (patch)
tree	245b21642c134c4509e46fab60d130065e123624 /phpBB/phpbb/passwords/driver/bcrypt.php
parent	93621aa1844ab48d9bae068d9872d2c49ae86de4 (diff)
parent	ca5678cc1c2a1f723d39127e0c066eba6c9a3336 (diff)
download	forums-5514b1069968d451adb7eaf89278a6e1e5dc20df.tar forums-5514b1069968d451adb7eaf89278a6e1e5dc20df.tar.gz forums-5514b1069968d451adb7eaf89278a6e1e5dc20df.tar.bz2 forums-5514b1069968d451adb7eaf89278a6e1e5dc20df.tar.xz forums-5514b1069968d451adb7eaf89278a6e1e5dc20df.zip