| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
PHPBB3-11610
|
| |
|
|
|
|
|
| |
Also added tests to make sure that crypto drivers are enforcing the hash
length.
PHPBB3-11610
|
| |
|
|
|
|
| |
There is currently no use for it being public.
PHPBB3-11610
|
| |
|
|
|
|
| |
Tests cover all supported hashing algorithms.
PHPBB3-11610
|
| |
|
|
| |
PHPBB3-11610
|
| |
|
|
|
|
|
|
| |
We will be using the same method inside the driver helper class for all hash
types. This is the same function that has been used for the salted md5 hash
of phpBB 3.0.
PHPBB3-11610
|
| |
|
|
| |
PHPBB3-11610
|
| |
|
|
| |
PHPBB3-11610
|
| |
|
|
|
|
|
| |
Functions for the helper class might be used in other drivers as well and
therefore shouldn't be limited to just one driver.
PHPBB3-11610
|
| |
|
|
| |
PHPBB3-11610
|
| |
|
|
|
|
|
|
| |
8-bit unicode characters might reduce the security of the password hash
when using the $2a$ bcrypt prefix. Those types of characters are usually
not used in passwords but we should prevent this possible issue anyway.
PHPBB3-11610
|
| |
|
|
| |
PHPBB3-11610
|
| |
|
|
| |
PHPBB3-11610
|
| |
|
|
| |
PHPBB3-11610
|
| |
|
|
| |
PHPBB3-11610
|
| |
|
|
|
|
|
|
| |
The $2a$ prefix is the basic implementation with the $2y$ prefix extending
that class. However, the default hashes for phpBB should be generated with
$2y$ unless the PHP version is older than 5.3.7.
PHPBB3-11610
|
| |
|
|
|
|
|
| |
The phpass driver extends the standard salted md5 driver of phpBB3. It will
only support the $P$ prefix that phpass uses.
PHPBB3-11610
|
| |
|
|
| |
PHPBB3-11610
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Combined hashes can be used for i.e. converting already existing
password hashes to bcrypt. While this will not provide the same security
a pure bcrypt hash provides, it will still be significantly more secure
than a standard salted md5.
A combined hash will look as follows:
$H\2y${salted_for_H_prefix}${salt_+_settings_for_2y_prefix}${hash}
The prefixes are seperated by a backslash. Individual settings (which
can include either just the salt or a salt and possible additional settings)
are seperated by dollar signs. As backslashes and dollar signs are not
allowed in hashes or salts, they will be used for seperating the settings
from the salt.
Here is an example of a password hash:
$H\2a$9zv1uIaq1$10\1ff4640409fb96a449c1fO$/oN1O0cdUmFSMZT3UZKrgAyalhnt1LC
The 'H' prefix stands for the salted md5 implementation of phpBB 3.0.
Its settings will be parsed as 9zv1uIaq1 resulting in a hash for the check
as follows:
$H$9zv1uIaq1{hash}
Since the password is used for hashing, the {hash} can be left blank and
will basically be filled by the hashing algorithm. The {hash} will then be
used as password for the next hashing algorithm. In this case that would be
the bcrypt algorithm. The settings are set to 10\1ff4640409fb96a449c1fO which
will be transformed to 10$1ff4640409fb96a449c1fO resulting in a hash like
this for the bcrypt hashing function:
$2a$10$1ff4640409fb96a449c1fO{hash}
The {hash} will again be basically filled by the hashing algorithm.
Afterwards, the {hash} will be extracted from the returned hash and put at
the end of the already known hash settings:
$H\2a$9zv1uIaq1$10\1ff4640409fb96a449c1fO$
If the password is correct, the combined hash will of course be the same
as the stored one.
PHPBB3-11610
|
| |
|
|
|
|
|
| |
This will contain definitions of the services and the service collection
that will be passed to the passwords manager.
PHPBB3-11610
|
| |
|
|
|
|
|
| |
The passwords manager is capable of checking and hashing passwords.
It will support different hashing algorithms.
PHPBB3-11610
|
| |\
| |
| |
| |
| |
| |
| | |
* rechosen/ticket/11792:
[ticket/11792] Add functional test for var lang_set_ext of core.user_setup
[ticket/11792] Add performance remark to core.user_setup event PHPDoc
[ticket/11792] Add variable 'lang_set_ext' to event core.user_setup
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
To ensure that the new lang_set_ext variable available with the
core.user_setup event works properly, a functional test was added. It
overwrites the value of the 'SKIP' language key, which is assumed to remain
in use for some time to come.
PHPBB3-11792
|
| | |
| |
| |
| |
| |
| |
| |
| | |
To prevent extension authors from loading all their translations globally, a
remark on this was added to the PHPDoc documentation of the core.user_setup
event.
PHPBB3-11792
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
To allow extensions to add global language strings just like mods can, add the
'lang_set_ext' variable to the core.user_setup event. It requires an ext_name
to be specified as well as a lang_set, and loads the specified lang_set in the
context of the extension.
PHPBB3-11792
|
| |\ \
| | |
| | |
| | |
| | | |
* mvinny/ticket/11804:
[ticket/11804] Remove </li> from overall_header which was not open
|
| |/ /
| |
| |
| | |
PHPBB3-11804
|
| |\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* develop-olympus:
[ticket/11802] replace $browser with $user->browser
Conflicts:
phpBB/download/file.php
|
| | |\ \
| | | |
| | | |
| | | |
| | | | |
* prep-release-3.0.12:
[ticket/11802] replace $browser with $user->browser
|
| | | |\ \
| | | | |
| | | | |
| | | | |
| | | | | |
* dhruvgoel92/ticket/11802:
[ticket/11802] replace $browser with $user->browser
|
| | | |/ /
| | | |
| | | |
| | | | |
PHPBB3-11802
|
| |\ \ \ \
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* develop-olympus:
[ticket/11801] removed some whitespace and added missing semi colon's in css
Conflicts:
phpBB/styles/prosilver/theme/colours.css
|
| | |\ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
* Prosk8er/ticket/11801:
[ticket/11801] removed some whitespace and added missing semi colon's in css
|
| | |/ / /
| | | |
| | | |
| | | | |
PHPBB3-11801
|
| |\ \ \ \
| |_|_|/
|/| | |
| | | |
| | | |
| | | |
| | | | |
# By Oliver Schramm
# Via Oliver Schramm
* Elsensee/ticket/11760:
[ticket/11760] Use phpbb_version_compare() wrapper
|
| | | | |
| | | |
| | | |
| | | | |
PHPBB3-11760
|
| |\ \ \ \
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | | |
* develop-olympus:
[ticket/11789] Remove inline color in memberlist_view
Conflicts:
phpBB/styles/subsilver2/template/memberlist_view.html
|
| | |\ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
* cyberalien/ticket/11789:
[ticket/11789] Remove inline color in memberlist_view
|
| | | | | |
| | | | |
| | | | |
| | | | | |
PHPBB3-11789
|
| |\ \ \ \ \
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* develop-olympus:
[ticket/11789] Remove colors from HTML code
Conflicts:
phpBB/styles/subsilver2/template/ucp_pm_history.html
|
| | |\ \ \ \
| | |/ / /
| | | | |
| | | | |
| | | | | |
* cyberalien/ticket/11789:
[ticket/11789] Remove colors from HTML code
|
| | | | | |
| | | | |
| | | | |
| | | | | |
PHPBB3-11789
|
| |\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* cyberalien/ticket/11796:
[ticket/11796] Replace pagination with pagination.html
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
PHPBB3-11796
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
* cyberalien/ticket/11779:
[ticket/11779] Fix unapproved messages class name
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
PHPBB3-11779
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
* cyberalien/ticket/11800:
[ticket/11800] Fix scripts variable in subsilver simple_footer
[ticket/11800] Fix JavaScript in simple_footer.html
[ticket/11800] Remove forum_fn from memberlist_search.html
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
PHPBB3-11800
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Include forum_fn.js via INCLUDEJS
Move $SCRIPTS after footer event, allowing extensions to include scripts
Use correct template variable for including scripts
PHPBB3-11800
|
| | | |/ / / / /
| |/| | | | |
| | | | | | |
| | | | | | | |
PHPBB3-11800
|
