- * @var phpbb\passwords\manager

- */

- protected $manager;

-

- /**

- * Set the passwords manager instance

- *

- * @param phpbb\passwords\manager $manager Passwords manager object

- */

- public function set_manager(manager $manager)

- {

- $this->manager = $manager;

- }

-

- /**

- protected function get_combined_hash_settings($hash)

- * Create combined hash from already hashed password

- *

- * @param string $password_hash Complete current password hash

- * @param string $type Type of the hashing algorithm the password hash

- * should be combined with

- * @return string|bool Combined password hash if combined hashing was

- * successful, else false

- */

- public function combined_hash_password($password_hash, $type)

- {

- $data = array(

- 'prefix' => '$',

- 'settings' => '$',

- );

- $hash_settings = $this->get_combined_hash_settings($password_hash);

- $hash = $hash_settings[0];

-

- // Put settings of current hash into data array

- $stored_hash_type = $this->manager->detect_algorithm($password_hash);

- $this->combine_hash_output($data, 'prefix', $stored_hash_type->get_prefix());

- $this->combine_hash_output($data, 'settings', $stored_hash_type->get_settings_only($password_hash));

-

- // Hash current hash with the defined types

- foreach ($type as $cur_type)

- {

- if (isset($this->manager->algorithms[$cur_type]))

- {

- $new_hash_type = $this->manager->algorithms[$cur_type];

- }

- else

- {

- return false;

- }

-

- $new_hash = $new_hash_type->hash(str_replace($stored_hash_type->get_settings_only($password_hash), '', $hash));

- $this->combine_hash_output($data, 'prefix', $new_hash_type->get_prefix());

- $this->combine_hash_output($data, 'settings', substr(str_replace('$', '\\', $new_hash_type->get_settings_only($new_hash, true)), 0));

- $hash = str_replace($new_hash_type->get_settings_only($new_hash), '', $this->obtain_hash_only($new_hash));

- }

- return $this->combine_hash_output($data, 'hash', $hash);

- }

-

- /**

- * Check combined password hash against the supplied password

- *

- * @param string $password Password entered by user

- * @param array $stored_hash_type An array containing the hash types

- * as described by stored password hash

- * @param string $hash Stored password hash

- *

- * @return bool True if password is correct, false if not

- */

- public function check_combined_hash($password, $stored_hash_type, $hash)

- {

- $i = 0;

- $data = array(

- 'prefix' => '$',

- 'settings' => '$',

- );

- $hash_settings = $this->get_combined_hash_settings($hash);

- foreach ($stored_hash_type as $key => $hash_type)

- {

- $rebuilt_hash = $this->rebuild_hash($hash_type->get_prefix(), $hash_settings[$i]);

- $this->combine_hash_output($data, 'prefix', $key);

- $this->combine_hash_output($data, 'settings', $hash_settings[$i]);

- $cur_hash = $hash_type->hash($password, $rebuilt_hash);

- $password = str_replace($rebuilt_hash, '', $cur_hash);

- $i++;

- }

- return ($hash === $this->combine_hash_output($data, 'hash', $password));

- }

-

- /**

- protected function combine_hash_output(&$data, $type, $value)

- protected function rebuild_hash($prefix, $settings)

- protected function obtain_hash_only($hash)