aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/phpbb/auth/provider
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/phpbb/auth/provider')
-rw-r--r--phpBB/phpbb/auth/provider/apache.php13
-rw-r--r--phpBB/phpbb/auth/provider/db.php32
-rw-r--r--phpBB/phpbb/auth/provider/ldap.php19
3 files changed, 45 insertions, 19 deletions
diff --git a/phpBB/phpbb/auth/provider/apache.php b/phpBB/phpbb/auth/provider/apache.php
index 77bc976938..23cdc89829 100644
--- a/phpBB/phpbb/auth/provider/apache.php
+++ b/phpBB/phpbb/auth/provider/apache.php
@@ -17,19 +17,28 @@ namespace phpbb\auth\provider;
class apache extends \phpbb\auth\provider\base
{
/**
+ * phpBB passwords manager
+ *
+ * @var \phpbb\passwords\manager
+ */
+ protected $passwords_manager;
+
+ /**
* Apache Authentication Constructor
*
* @param \phpbb\db\driver\driver $db
* @param \phpbb\config\config $config
+ * @param \phpbb\passwords\manager $passwords_manager
* @param \phpbb\request\request $request
* @param \phpbb\user $user
* @param string $phpbb_root_path
* @param string $php_ext
*/
- public function __construct(\phpbb\db\driver\driver $db, \phpbb\config\config $config, \phpbb\request\request $request, \phpbb\user $user, $phpbb_root_path, $php_ext)
+ public function __construct(\phpbb\db\driver\driver $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\request\request $request, \phpbb\user $user, $phpbb_root_path, $php_ext)
{
$this->db = $db;
$this->config = $config;
+ $this->passwords_manager = $passwords_manager;
$this->request = $request;
$this->user = $user;
$this->phpbb_root_path = $phpbb_root_path;
@@ -220,7 +229,7 @@ class apache extends \phpbb\auth\provider\base
// generate user account data
return array(
'username' => $username,
- 'user_password' => phpbb_hash($password),
+ 'user_password' => $this->passwords_manager->hash($password),
'user_email' => '',
'group_id' => (int) $row['group_id'],
'user_type' => USER_NORMAL,
diff --git a/phpBB/phpbb/auth/provider/db.php b/phpBB/phpbb/auth/provider/db.php
index 6ea04eab36..6bbbc0be16 100644
--- a/phpBB/phpbb/auth/provider/db.php
+++ b/phpBB/phpbb/auth/provider/db.php
@@ -18,21 +18,29 @@ namespace phpbb\auth\provider;
*/
class db extends \phpbb\auth\provider\base
{
+ /**
+ * phpBB passwords manager
+ *
+ * @var \phpbb\passwords\manager
+ */
+ protected $passwords_manager;
/**
* Database Authentication Constructor
*
- * @param \phpbb\db\driver\driver $db
- * @param \phpbb\config\config $config
- * @param \phpbb\request\request $request
- * @param \phpbb\user $user
- * @param string $phpbb_root_path
- * @param string $php_ext
+ * @param \phpbb\db\driver\driver $db
+ * @param \phpbb\config\config $config
+ * @param \phpbb\passwords\manager $passwords_manager
+ * @param \phpbb\request\request $request
+ * @param \phpbb\user $user
+ * @param string $phpbb_root_path
+ * @param string $php_ext
*/
- public function __construct(\phpbb\db\driver\driver $db, \phpbb\config\config $config, \phpbb\request\request $request, \phpbb\user $user, $phpbb_root_path, $php_ext)
+ public function __construct(\phpbb\db\driver\driver $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\request\request $request, \phpbb\user $user, $phpbb_root_path, $php_ext)
{
$this->db = $db;
$this->config = $config;
+ $this->passwords_manager = $passwords_manager;
$this->request = $request;
$this->user = $user;
$this->phpbb_root_path = $phpbb_root_path;
@@ -191,10 +199,10 @@ class db extends \phpbb\auth\provider\base
// cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding
// plain md5 support left in for conversions from other systems.
- if ((strlen($row['user_password']) == 34 && (phpbb_check_hash(md5($password_old_format), $row['user_password']) || phpbb_check_hash(md5(utf8_to_cp1252($password_old_format)), $row['user_password'])))
+ if ((strlen($row['user_password']) == 34 && ($this->passwords_manager->check(md5($password_old_format), $row['user_password']) || $this->passwords_manager->check(md5(utf8_to_cp1252($password_old_format)), $row['user_password'])))
|| (strlen($row['user_password']) == 32 && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password'])))
{
- $hash = phpbb_hash($password_new_format);
+ $hash = $this->passwords_manager->hash($password_new_format);
// Update the password in the users table to the new format and remove user_pass_convert flag
$sql = 'UPDATE ' . USERS_TABLE . '
@@ -226,12 +234,12 @@ class db extends \phpbb\auth\provider\base
}
// Check password ...
- if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password']))
+ if (!$row['user_pass_convert'] && $this->passwords_manager->check($password, $row['user_password']))
{
// Check for old password hash...
- if (strlen($row['user_password']) == 32)
+ if ($this->passwords_manager->convert_flag || strlen($row['user_password']) == 32)
{
- $hash = phpbb_hash($password);
+ $hash = $this->passwords_manager->hash($password);
// Update the password in the users table to the new format
$sql = 'UPDATE ' . USERS_TABLE . "
diff --git a/phpBB/phpbb/auth/provider/ldap.php b/phpBB/phpbb/auth/provider/ldap.php
index 4ce43853bd..e92a227e16 100644
--- a/phpBB/phpbb/auth/provider/ldap.php
+++ b/phpBB/phpbb/auth/provider/ldap.php
@@ -19,16 +19,25 @@ namespace phpbb\auth\provider;
class ldap extends \phpbb\auth\provider\base
{
/**
+ * phpBB passwords manager
+ *
+ * @var \phpbb\passwords\manager
+ */
+ protected $passwords_manager;
+
+ /**
* LDAP Authentication Constructor
*
- * @param \phpbb\db\driver\driver $db
- * @param \phpbb\config\config $config
- * @param \phpbb\user $user
+ * @param \phpbb\db\driver\driver $db
+ * @param \phpbb\config\config $config
+ * @param \phpbb\passwords\manager $passwords_manager
+ * @param \phpbb\user $user
*/
- public function __construct(\phpbb\db\driver\driver $db, \phpbb\config\config $config, \phpbb\user $user)
+ public function __construct(\phpbb\db\driver\driver $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\user $user)
{
$this->db = $db;
$this->config = $config;
+ $this->passwords_manager = $passwords_manager;
$this->user = $user;
}
@@ -235,7 +244,7 @@ class ldap extends \phpbb\auth\provider\base
// generate user account data
$ldap_user_row = array(
'username' => $username,
- 'user_password' => phpbb_hash($password),
+ 'user_password' => $this->passwords_manager->hash($password),
'user_email' => (!empty($this->config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($this->config['ldap_email'])][0]) : '',
'group_id' => (int) $row['group_id'],
'user_type' => USER_NORMAL,