author | Marc Alexander <admin@m-a-styles.de> | 2013-10-07 16:00:52 +0200 |
---|---|---|
committer | Marc Alexander <admin@m-a-styles.de> | 2013-10-07 16:00:52 +0200 |
commit | f1d29499859a060b8c59a9efbeada74958eee720 (patch) | |
tree | 0c1b1f3964cc18373c237f0a172d6d6bc81e088c /phpBB | |
parent | 035db5e08b961055f0e74a26491ac35b289469cd (diff) | |
[feature/passwords] Move check for 8-bit characters to bcrypt driver
PHPBB3-11610
Diffstat (limited to 'phpBB')
-rw-r--r-- | phpBB/phpbb/passwords/driver/bcrypt.php | 10 | ||||
-rw-r--r-- | phpBB/phpbb/passwords/manager.php | 10 |
2 files changed, 10 insertions, 10 deletions
diff --git a/phpBB/phpbb/passwords/driver/bcrypt.php b/phpBB/phpbb/passwords/driver/bcrypt.php
index 2f6cc1b381..e29379a36f 100644
--- a/phpBB/phpbb/passwords/driver/bcrypt.php
+++ b/phpBB/phpbb/passwords/driver/bcrypt.php
@@ -41,6 +41,16 @@ class bcrypt extends \phpbb\passwords\driver\base
 // Revert to 2a if this is the case
 $prefix = (!$this->is_supported()) ? '$2a$' : $this->get_prefix();
+ // Do not support 8-bit characters with $2a$ bcrypt
+ // Also see http://www.php.net/security/crypt_blowfish.php
+ if ($prefix === self::PREFIX)
+ {
+ if (ord($password[strlen($password)-1]) & 128)
+ {
+ return false;
+ }
+ }
+
 if ($salt == '')
 {
 $salt = $prefix . '10$' . $this->get_random_salt();
diff --git a/phpBB/phpbb/passwords/manager.php b/phpBB/phpbb/passwords/manager.php
index 6ec9eefaed..0b41d3a8c3 100644
--- a/phpBB/phpbb/passwords/manager.php
+++ b/phpBB/phpbb/passwords/manager.php
@@ -214,16 +214,6 @@ class manager
 return false;
 }
- // Do not support 8-bit characters with $2a$ bcrypt
- // Also see http://www.php.net/security/crypt_blowfish.php
- if ($type === 'passwords.driver.bcrypt' || ($type === 'passwords.driver.bcrypt_2y' && !$hashing_algorithm->is_supported()))
- {
- if (ord($password[strlen($password)-1]) & 128)
- {
- return false;
- }
- }
-
 return $hashing_algorithm->hash($password);
 } |
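Review bot: The guard `ord($password[strlen($password)-1]) & 128` in the bcrypt.php hunk tests only the final byte, although the comment above it says 8-bit characters are not supported with `$2a$`. A password with a high-bit byte anywhere but the end still reaches the hashing code, and an empty password reads string offset -1. Scanning the whole string covers both cases, for example `if (preg_match('/[\x80-\xFF]/', $password))`. Because the rejection is signalled with `return false`, the docblock of `hash()` should say that callers must compare the result with `=== false` before storing it. The method's signature and the rest of its body are outside the hunk, and `self::PREFIX` is presumed to equal the literal `'$2a$'` used in the fallback line above.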