aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/phpbb
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/phpbb')
-rw-r--r--phpBB/phpbb/passwords/driver/bcrypt.php10
-rw-r--r--phpBB/phpbb/passwords/manager.php10
2 files changed, 10 insertions, 10 deletions
diff --git a/phpBB/phpbb/passwords/driver/bcrypt.php b/phpBB/phpbb/passwords/driver/bcrypt.php
index 2f6cc1b381..e29379a36f 100644
--- a/phpBB/phpbb/passwords/driver/bcrypt.php
+++ b/phpBB/phpbb/passwords/driver/bcrypt.php
@@ -41,6 +41,16 @@ class bcrypt extends \phpbb\passwords\driver\base
// Revert to 2a if this is the case
$prefix = (!$this->is_supported()) ? '$2a$' : $this->get_prefix();
+ // Do not support 8-bit characters with $2a$ bcrypt
+ // Also see http://www.php.net/security/crypt_blowfish.php
+ if ($prefix === self::PREFIX)
+ {
+ if (ord($password[strlen($password)-1]) & 128)
+ {
+ return false;
+ }
+ }
+
if ($salt == '')
{
$salt = $prefix . '10$' . $this->get_random_salt();
diff --git a/phpBB/phpbb/passwords/manager.php b/phpBB/phpbb/passwords/manager.php
index 6ec9eefaed..0b41d3a8c3 100644
--- a/phpBB/phpbb/passwords/manager.php
+++ b/phpBB/phpbb/passwords/manager.php
@@ -214,16 +214,6 @@ class manager
return false;
}
- // Do not support 8-bit characters with $2a$ bcrypt
- // Also see http://www.php.net/security/crypt_blowfish.php
- if ($type === 'passwords.driver.bcrypt' || ($type === 'passwords.driver.bcrypt_2y' && !$hashing_algorithm->is_supported()))
- {
- if (ord($password[strlen($password)-1]) & 128)
- {
- return false;
- }
- }
-
return $hashing_algorithm->hash($password);
}