| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | | | | |
| | | | |
| | | | |
| | | | | |
PHPBB3-11610
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Obsolete code that is impossible to hit has been removed and the logic
of the salted md5 driver has been changed to correctly implement the
phpBB 3.0 phpbb_hash() function.
PHPBB3-11610
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Only one small code part in the salted md5 driver can't be tested right now.
Passwords helper and passwords driver helper are now fully covered by tests.
PHPBB3-11610
|
| | | | | |
| | | | |
| | | | |
| | | | | |
PHPBB3-11610
|
| | |\ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Conflicts:
phpBB/includes/functions.php
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
PHPBB3-11610
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
These method names are more straightforward than the previous ones.
PHPBB3-11610
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The passwords manager will replace the old method of using the functions
phpbb_hash() and phpbb_check_hash().
PHPBB3-11610
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
PHPBB3-11610
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This will get rid of the global $config in the driver helper
PHPBB3-11610
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
PHPBB3-11610
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
PHPBB3-11610
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
PHPBB3-11610
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
PHPBB3-11610
|
| | |\ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Conflicts:
phpBB/develop/create_schema_files.php
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
The passwords driver helper is now injected into the driver base instead
of being manually loaded.
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This will now be used instead of manually loading the passwords helper
instance in the passwords manager.
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Also removed the effectively_installed() check that is not needed according
to EXreaction.
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Additionally, a new line has been added to make the code look nicer.
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
The default hashing algorithm type is defined as a parameter in the service
definition file for the password hashing system. This will allow us to change
this in the future but it will also prevent unexperienced admins from changing
the hashing algorithm.
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This will allow us to actually properly differentiate between the available
drivers.
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
The driver helper method unique_id is called inside the helper. Therefore,
it shouldn't be called via $this->helper but rather via $this.
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
The authentication system should handle the possible errors for now.
Additional error returns can be added later on if they are needed.
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
If the type map is empty the service container is incomplete or broken.
There is no need to check this as other components would probably be broken
at the same time.
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Combined hashing requires it for checking the supplied password hash for
its hashing algorithm.
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This will allow to hash a previously hashed password with another hashing
method, i.e. as upgrade path from phpBB 3.0 to 3.1.
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This is also needed for combined hashing of passwords.
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
These limitations caused it to only allow a specific input to combined
hashes.
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This is needed for combined hashing of passwords.
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Also added tests to make sure that crypto drivers are enforcing the hash
length.
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
There is currently no use for it being public.
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
We will be using the same method inside the driver helper class for all hash
types. This is the same function that has been used for the salted md5 hash
of phpBB 3.0.
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Functions for the helper class might be used in other drivers as well and
therefore shouldn't be limited to just one driver.
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
8-bit unicode characters might reduce the security of the password hash
when using the $2a$ bcrypt prefix. Those types of characters are usually
not used in passwords but we should prevent this possible issue anyway.
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
PHPBB3-11610
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
PHPBB3-11610
|
