| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
PHPBB3-11610
|
| |
|
|
| |
PHPBB3-11610
|
| |
|
|
| |
PHPBB3-11610
|
| |
|
|
|
|
|
| |
The driver helper method unique_id is called inside the helper. Therefore,
it shouldn't be called via $this->helper but rather via $this.
PHPBB3-11610
|
| |
|
|
|
|
|
| |
The authentication system should handle the possible errors for now.
Additional error returns can be added later on if they are needed.
PHPBB3-11610
|
| |
|
|
| |
PHPBB3-11610
|
| |
|
|
|
|
|
|
| |
If the type map is empty the service container is incomplete or broken.
There is no need to check this as other components would probably be broken
at the same time.
PHPBB3-11610
|
| |
|
|
| |
PHPBB3-11610
|
| |
|
|
|
|
|
| |
Combined hashing requires it for checking the supplied password hash for
its hashing algorithm.
PHPBB3-11610
|
| |
|
|
|
|
|
| |
This will allow to hash a previously hashed password with another hashing
method, i.e. as upgrade path from phpBB 3.0 to 3.1.
PHPBB3-11610
|
| |
|
|
|
|
| |
This is also needed for combined hashing of passwords.
PHPBB3-11610
|
| |
|
|
|
|
|
| |
These limitations caused it to only allow a specific input to combined
hashes.
PHPBB3-11610
|
| |
|
|
| |
PHPBB3-11610
|
| |
|
|
| |
PHPBB3-11610
|
| |
|
|
|
|
| |
This is needed for combined hashing of passwords.
PHPBB3-11610
|
| |
|
|
| |
PHPBB3-11610
|
| |
|
|
|
|
|
| |
Also added tests to make sure that crypto drivers are enforcing the hash
length.
PHPBB3-11610
|
| |
|
|
|
|
| |
There is currently no use for it being public.
PHPBB3-11610
|
| |
|
|
|
|
|
|
| |
We will be using the same method inside the driver helper class for all hash
types. This is the same function that has been used for the salted md5 hash
of phpBB 3.0.
PHPBB3-11610
|
| |
|
|
| |
PHPBB3-11610
|
| |
|
|
|
|
|
| |
Functions for the helper class might be used in other drivers as well and
therefore shouldn't be limited to just one driver.
PHPBB3-11610
|
| |
|
|
|
|
|
|
| |
8-bit unicode characters might reduce the security of the password hash
when using the $2a$ bcrypt prefix. Those types of characters are usually
not used in passwords but we should prevent this possible issue anyway.
PHPBB3-11610
|
| |
|
|
| |
PHPBB3-11610
|
| |
|
|
| |
PHPBB3-11610
|
| |
|
|
| |
PHPBB3-11610
|
| |
|
|
| |
PHPBB3-11610
|
| |
|
|
|
|
|
|
| |
The $2a$ prefix is the basic implementation with the $2y$ prefix extending
that class. However, the default hashes for phpBB should be generated with
$2y$ unless the PHP version is older than 5.3.7.
PHPBB3-11610
|
| |
|
|
|
|
|
| |
The phpass driver extends the standard salted md5 driver of phpBB3. It will
only support the $P$ prefix that phpass uses.
PHPBB3-11610
|
| |
|
|
| |
PHPBB3-11610
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Combined hashes can be used for i.e. converting already existing
password hashes to bcrypt. While this will not provide the same security
a pure bcrypt hash provides, it will still be significantly more secure
than a standard salted md5.
A combined hash will look as follows:
$H\2y${salted_for_H_prefix}${salt_+_settings_for_2y_prefix}${hash}
The prefixes are seperated by a backslash. Individual settings (which
can include either just the salt or a salt and possible additional settings)
are seperated by dollar signs. As backslashes and dollar signs are not
allowed in hashes or salts, they will be used for seperating the settings
from the salt.
Here is an example of a password hash:
$H\2a$9zv1uIaq1$10\1ff4640409fb96a449c1fO$/oN1O0cdUmFSMZT3UZKrgAyalhnt1LC
The 'H' prefix stands for the salted md5 implementation of phpBB 3.0.
Its settings will be parsed as 9zv1uIaq1 resulting in a hash for the check
as follows:
$H$9zv1uIaq1{hash}
Since the password is used for hashing, the {hash} can be left blank and
will basically be filled by the hashing algorithm. The {hash} will then be
used as password for the next hashing algorithm. In this case that would be
the bcrypt algorithm. The settings are set to 10\1ff4640409fb96a449c1fO which
will be transformed to 10$1ff4640409fb96a449c1fO resulting in a hash like
this for the bcrypt hashing function:
$2a$10$1ff4640409fb96a449c1fO{hash}
The {hash} will again be basically filled by the hashing algorithm.
Afterwards, the {hash} will be extracted from the returned hash and put at
the end of the already known hash settings:
$H\2a$9zv1uIaq1$10\1ff4640409fb96a449c1fO$
If the password is correct, the combined hash will of course be the same
as the stored one.
PHPBB3-11610
|
| |
|
|
|
|
|
| |
The passwords manager is capable of checking and hashing passwords.
It will support different hashing algorithms.
PHPBB3-11610
|
| |\
| |
| |
| |
| | |
* cyberalien/ticket/11754:
[ticket/11754] Remove styleswitcher leftovers
|
| | |
| |
| |
| | |
PHPBB3-11754
|
| |\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* develop-olympus:
[ticket/11775] Fix doc blocks syntax
[ticket/11775] Remove spaces at line ends
[ticket/11775] Split test into multiple steps
[ticket/11775] Add functional test for moving the last post
[ticket/11775] Backport moving of the posting functions to 3.0
[ticket/11775] Fix error when moving the last post to another topic
Conflicts:
tests/test_framework/phpbb_functional_test_case.php
|
| | |\ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* prep-release-3.0.12:
[ticket/11775] Fix doc blocks syntax
[ticket/11775] Remove spaces at line ends
[ticket/11775] Split test into multiple steps
[ticket/11775] Add functional test for moving the last post
[ticket/11775] Backport moving of the posting functions to 3.0
[ticket/11775] Fix error when moving the last post to another topic
|
| | | | |
| | | |
| | | |
| | | | |
PHPBB3-11775
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
PHPBB3-11774
|
| |\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
# By Joas Schilling (16) and Igor Wiedler (6)
# Via Joas Schilling (5) and Igor Wiedler (2)
* nickvergessen/ticket/11574: (22 commits)
[ticket/11574] Remove install/udpate/new/ fallback from database_update.php
[ticket/11574] Do not display incompatible package note after successful update
[ticket/11574] Remove old "continue step"-message
[ticket/11574] Change order of files and database update
[ticket/11574] Fix more issues in the updater
[ticket/11574] Add trailing slash for consistency
[ticket/11574] Fix table prefix in database updater
[ticket/11574] Fix various path issues in the updater
[ticket/11574] Make install language filename less crazy
[ticket/11574] Use alternate DI config file for updater
[ticket/11574] Include normalizer so it loads form the correct directory
[ticket/11574] Only fall back to install/update versions, when IN_INSTALL ;)
[ticket/11574] Use log object instead of old function
[ticket/11574] Include vendor into update packages
[ticket/11574] Create phpbb_log object before using it.
[ticket/11574] Add correct language parameter to return links
[ticket/11574] Use request object rather then request_var function
[ticket/11574] Load new language files whenever possible
[ticket/11574] Require new files in install/index.php and add a class loader
[ticket/11574] Require new files in database_update.php and add a class loader
...
|
| | |\ \ \ \
| | | |_|/
| | |/| |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* phpbb/develop: (130 commits)
[ticket/11638] Changed the layout to match the other similar commits
[ticket/11640] removed the space that I wonder what it was doing there.
[ticket/11749] Move event after all template data has been defined
[ticket/10917] Variable used only once so delete it
[ticket/10917] Revert use of phpbb wrapper
[ticket/11749] Template events for topic_list_row_pre/append
[ticket/11749] PHP Events for viewforum.php
[ticket/11749] PHP Events for search.php
[ticket/11740] Update FAQ to include Ideas Centre
[ticket/11062] If user's language is english there is no further work needed
[ticket/11062] Load new strings from user's language file if provided
[ticket/10917] Using phpbb wrapper
[ticket/10917] Fixed notice that files are out of date when updating to an unreleased version
[ticket/11741] Fix empty brackets and remove bullet
[ticket/11638] Removed the unneeded reset.
[ticket/11638] Use the $parse_flags like the other commits
[ticket/11638] Reverted to use the $parse tags way as the other ones
[ticket/11638] Updated: bitwise $parse_flags use optionset()
[ticket/11656] Made the check for the bitfield just like other PR's
[ticket/11667] Use @inheritdoc
...
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* Stupid mistake in phpbb_create_update_container
* Do not bootstrap extensions in installer/updater
* Fix template lookup in installer/updater
* Do not attempt to delete posts from bots
The latter is a really fun problem. Since deleting posts now depends
on a new db column that does not exist yet, we cannot call delete_post
from a migration, ever. By using retain, we can hack around the issue
for now.
PHPBB3-11574
|
| | |\ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* upstream/develop: (575 commits)
[ticket/11702] Fix forum_posts left over for link-click counts in viewforum.php
[ticket/11696] Move file to new directory
[ticket/11696] Rename constructor to __construct()
[ticket/11696] Remove manual loading of db_tools in extension controller test
[ticket/11696] Rename db_tools.php so it can be autoloaded
[ticket/11698] Moving all autoloadable files to phpbb/
[ticket/11694] Do not locate assets with root path
[ticket/11692] Don't update search_type in dev migration if already appended
[ticket/11675] Fix template loop
[ticket/11690] Old module class names may get autoloaded by class_exists
[ticket/9649] Display information on index for moderators on unapproved posts
[ticket/10999] Fix assets_version in ACP
[prep-release-3.0.12] More changelog items for the 3.0.12 release.
[ticket/11687] Add assets_version to phpbb_config
[ticket/11686] Not checking for phpBB Debug errors on functional tests
[ticket/11670] Consistency with logo: Replace "phpBB(tm)" with "phpBB(R)".
[ticket/11674] Do not include vendor folder if there are no dependencies.
[ticket/11685] Remove logout confirmation page
[ticket/11684] Remove useless confirmation page after login and admin login
[ticket/9657] Define user before injecting
...
Conflicts:
phpBB/includes/functions_container.php
phpBB/install/database_update.php
phpBB/install/index.php
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
PHPBB3-11574
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
PHPBB3-11574
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
PHPBB3-11574
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
PHPBB3-11574
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
PHPBB3-11574
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
PHPBB3-11574
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
PHPBB3-11574
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
* brunoais/ticket11639:
[ticket/11639] Changing how censorship is handled.
[ticket/11639] Removed a non-needed unset
[ticket/11639] Whitespace fixing
[ticket/11639] Whitespace fixing
[ticket/11639] Added an useful comment.
[ticket/11639] generate_text_for_display on functions_posting.php
|
