From 9b24fda5cd1f6e85c536dc2bc3e5f1bbdef5b7c2 Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Fri, 19 Jul 2013 20:49:24 +0200
Subject: [feature/passwords] Move files after namespacing changes

PHPBB3-11610
---
 phpBB/phpbb/crypto/driver/base.php       |  47 +++++++
 phpBB/phpbb/crypto/driver/bcrypt.php     | 108 ++++++++++++++++
 phpBB/phpbb/crypto/driver/bcrypt_2y.php  |  48 +++++++
 phpBB/phpbb/crypto/driver/helper.php     | 143 +++++++++++++++++++++
 phpBB/phpbb/crypto/driver/interface.php  |  68 ++++++++++
 phpBB/phpbb/crypto/driver/phpass.php     |  40 ++++++
 phpBB/phpbb/crypto/driver/salted_md5.php | 152 +++++++++++++++++++++++
 phpBB/phpbb/crypto/helper.php            | 194 +++++++++++++++++++++++++++++
 phpBB/phpbb/crypto/manager.php           | 206 +++++++++++++++++++++++++++++++
 9 files changed, 1006 insertions(+)
 create mode 100644 phpBB/phpbb/crypto/driver/base.php
 create mode 100644 phpBB/phpbb/crypto/driver/bcrypt.php
 create mode 100644 phpBB/phpbb/crypto/driver/bcrypt_2y.php
 create mode 100644 phpBB/phpbb/crypto/driver/helper.php
 create mode 100644 phpBB/phpbb/crypto/driver/interface.php
 create mode 100644 phpBB/phpbb/crypto/driver/phpass.php
 create mode 100644 phpBB/phpbb/crypto/driver/salted_md5.php
 create mode 100644 phpBB/phpbb/crypto/helper.php
 create mode 100644 phpBB/phpbb/crypto/manager.php

(limited to 'phpBB/phpbb')

diff --git a/phpBB/phpbb/crypto/driver/base.php b/phpBB/phpbb/crypto/driver/base.php
new file mode 100644
index 0000000000..c134122174
--- /dev/null
+++ b/phpBB/phpbb/crypto/driver/base.php
@@ -0,0 +1,47 @@
+<?php
+/**
+*
+* @package phpBB3
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* @package crypto
+*/
+abstract class phpbb_crypto_driver_base implements phpbb_crypto_driver_interface
+{
+	/** @var phpbb_config */
+	protected $config;
+
+	/** @var phpbb_crypto_driver_helper */
+	protected $helper;
+
+	/**
+	* Constructor of crypto driver object
+	*
+	* @return string	Hash prefix
+	*/
+	public function __construct(phpbb_config $config)
+	{
+		$this->config = $config;
+		$this->helper = new phpbb_crypto_driver_helper($this);
+	}
+
+	/**
+	* @inheritdoc
+	*/
+	public function is_supported()
+	{
+		return true;
+	}
+}
diff --git a/phpBB/phpbb/crypto/driver/bcrypt.php b/phpBB/phpbb/crypto/driver/bcrypt.php
new file mode 100644
index 0000000000..ad5a8036c3
--- /dev/null
+++ b/phpBB/phpbb/crypto/driver/bcrypt.php
@@ -0,0 +1,108 @@
+<?php
+/**
+*
+* @package phpBB3
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* @package crypto
+*/
+class phpbb_crypto_driver_bcrypt extends phpbb_crypto_driver_base
+{
+	const PREFIX = '$2a$';
+
+	/**
+	* @inheritdoc
+	*/
+	public function get_prefix()
+	{
+		return self::PREFIX;
+	}
+
+	/**
+	* @inheritdoc
+	*/
+	public function get_type()
+	{
+		return get_class($this);
+	}
+
+	/**
+	* @inheritdoc
+	*/
+	public function hash($password, $salt = '')
+	{
+		// The 2x and 2y prefixes of bcrypt might not be supported
+		// Revert to 2a if this is the case
+		$prefix = (!$this->is_supported()) ? '$2a$' : $this->get_prefix();
+
+		if ($salt == '')
+		{
+			$salt = $prefix . '10$' . $this->get_random_salt();
+		}
+
+		$hash = crypt($password, $salt);
+		if (strlen($hash) < 60)
+		{
+			return false;
+		}
+		return $hash;
+	}
+
+	/**
+	* @inheritdoc
+	*/
+	public function check($password, $hash)
+	{
+		$salt = substr($hash, 0, 29);
+		if (strlen($salt) != 29)
+		{
+			return false;
+		}
+
+		if ($hash == $this->hash($password, $salt))
+		{
+			return true;
+		}
+		return false;
+	}
+
+	/**
+	* Get a random salt value with a length of 22 characters
+	*
+	* @return string Salt for password hashing
+	*/
+	protected function get_random_salt()
+	{
+		return $this->helper->hash_encode64($this->helper->get_random_salt(22), 22);
+	}
+
+	/**
+	* @inheritdoc
+	*/
+	public function get_settings_only($hash, $full = false)
+	{
+		if ($full)
+		{
+			$pos = stripos($hash, '$', 1) + 1;
+			$length = 22 + (strripos($hash, '$') + 1 - $pos);
+		}
+		else
+		{
+			$pos = strripos($hash, '$') + 1;
+			$length = 22;
+		}
+		return substr($hash, $pos, $length);
+	}
+}
diff --git a/phpBB/phpbb/crypto/driver/bcrypt_2y.php b/phpBB/phpbb/crypto/driver/bcrypt_2y.php
new file mode 100644
index 0000000000..8bce171a25
--- /dev/null
+++ b/phpBB/phpbb/crypto/driver/bcrypt_2y.php
@@ -0,0 +1,48 @@
+<?php
+/**
+*
+* @package phpBB3
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* @package crypto
+*/
+class phpbb_crypto_driver_bcrypt_2y extends phpbb_crypto_driver_bcrypt
+{
+	const PREFIX = '$2y$';
+
+	/**
+	* @inheritdoc
+	*/
+	public function get_prefix()
+	{
+		return self::PREFIX;
+	}
+
+	/**
+	* @inheritdoc
+	*/
+	public function get_type()
+	{
+		return get_class($this);
+	}
+
+	/**
+	* @inheritdoc
+	*/
+	public function is_supported()
+	{
+		return (version_compare(PHP_VERSION, '5.3.7', '<')) ? false : true;
+	}
+}
diff --git a/phpBB/phpbb/crypto/driver/helper.php b/phpBB/phpbb/crypto/driver/helper.php
new file mode 100644
index 0000000000..308ee7dce2
--- /dev/null
+++ b/phpBB/phpbb/crypto/driver/helper.php
@@ -0,0 +1,143 @@
+<?php
+/**
+*
+* @package phpBB3
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* @package crypto
+*/
+class phpbb_crypto_driver_helper
+{
+	/** @var phpbb_config */
+	protected $driver;
+
+	/**
+	* base64 alphabet
+	* @var string
+	*/
+	public $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
+
+	/**
+	* Constructor of crypto driver helper object
+	*/
+	public function __construct($driver)
+	{
+		$this->driver = $driver;
+	}
+
+	/**
+	* Base64 encode hash
+	*
+	* @param string $input Input string
+	* @param int $count Input string length
+	*
+	* @return string base64 encoded string
+	*/
+	public function hash_encode64($input, $count)
+	{
+		$output = '';
+		$i = 0;
+
+		do
+		{
+			$value = ord($input[$i++]);
+			$output .= $this->itoa64[$value & 0x3f];
+
+			if ($i < $count)
+			{
+				$value |= ord($input[$i]) << 8;
+			}
+
+			$output .= $this->itoa64[($value >> 6) & 0x3f];
+
+			if ($i++ >= $count)
+			{
+				break;
+			}
+
+			if ($i < $count)
+			{
+				$value |= ord($input[$i]) << 16;
+			}
+
+			$output .= $this->itoa64[($value >> 12) & 0x3f];
+
+			if ($i++ >= $count)
+			{
+				break;
+			}
+
+			$output .= $this->itoa64[($value >> 18) & 0x3f];
+		}
+		while ($i < $count);
+
+		return $output;
+	}
+
+	/**
+	* Return unique id
+	* @param string $extra additional entropy
+	*
+	* @return string Unique id
+	*/
+	public function unique_id($extra = 'c')
+	{
+		static $dss_seeded = false;
+		global $config;
+
+		$val = $config['rand_seed'] . microtime();
+		$val = md5($val);
+		$config['rand_seed'] = md5($config['rand_seed'] . $val . $extra);
+
+		if ($dss_seeded !== true && ($config['rand_seed_last_update'] < time() - rand(1,10)))
+		{
+			set_config('rand_seed_last_update', time(), true);
+			set_config('rand_seed', $config['rand_seed'], true);
+			$dss_seeded = true;
+		}
+
+		return substr($val, 4, 16);
+	}
+
+	/**
+	* Get random salt with specified length
+	*
+	* @param int $length Salt length
+	*/
+	public function get_random_salt($length)
+	{
+		$random = '';
+
+		if (($fh = @fopen('/dev/urandom', 'rb')))
+		{
+			$random = fread($fh, $length);
+			fclose($fh);
+		}
+
+		if (strlen($random) < $length)
+		{
+			$random = '';
+			$random_state = $this->unique_id();
+
+			for ($i = 0; $i < $length; $i += 16)
+			{
+				$random_state = md5($this->unique_id() . $random_state);
+				$random .= pack('H*', md5($random_state));
+			}
+			$random = substr($random, 0, $length);
+		}
+		return $random;
+	}
+}
diff --git a/phpBB/phpbb/crypto/driver/interface.php b/phpBB/phpbb/crypto/driver/interface.php
new file mode 100644
index 0000000000..9686aa33de
--- /dev/null
+++ b/phpBB/phpbb/crypto/driver/interface.php
@@ -0,0 +1,68 @@
+<?php
+/**
+*
+* @package phpBB3
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* @package crypto
+*/
+interface phpbb_crypto_driver_interface
+{
+	/**
+	* Check if hash type is supported
+	*
+	* @return bool		True if supported, false if not
+	*/
+	public function is_supported();
+	/**
+	* Returns the hash prefix
+	*
+	* @return string	Hash prefix
+	*/
+	public function get_prefix();
+
+	/**
+	* Returns the name of the hash type
+	*
+	* @return string	Hash type of driver
+	*/
+	public function get_type();
+
+	/**
+	* Hash the password
+	*
+	* @return string	Password hash
+	*/
+	public function hash($password);
+
+	/**
+	* Check the password against the supplied hash
+	*
+	* @param string		$password The password to check
+	* @param string		$hash The password hash to check against
+	* @return bool		True if password is correct, else false
+	*/
+	public function check($password, $hash);
+
+	/**
+	* Get only the settings of the specified hash
+	*
+	* @param string		$hash Password hash
+	* @param bool		$full Return full settings or only settings
+	*			related to the salt
+	* @return string	String containing the hash settings
+	*/
+	public function get_settings_only($hash, $full = false);
+}
diff --git a/phpBB/phpbb/crypto/driver/phpass.php b/phpBB/phpbb/crypto/driver/phpass.php
new file mode 100644
index 0000000000..4868464d73
--- /dev/null
+++ b/phpBB/phpbb/crypto/driver/phpass.php
@@ -0,0 +1,40 @@
+<?php
+/**
+*
+* @package phpBB3
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* @package crypto
+*/
+class phpbb_crypto_driver_phpass extends phpbb_crypto_driver_salted_md5
+{
+	const PREFIX = '$P$';
+
+	/**
+	* @inheritdoc
+	*/
+	public function get_prefix()
+	{
+		return self::PREFIX;
+	}
+
+	/**
+	* @inheritdoc
+	*/
+	public function get_type()
+	{
+		return get_class($this);
+	}
+}
diff --git a/phpBB/phpbb/crypto/driver/salted_md5.php b/phpBB/phpbb/crypto/driver/salted_md5.php
new file mode 100644
index 0000000000..c5a8345453
--- /dev/null
+++ b/phpBB/phpbb/crypto/driver/salted_md5.php
@@ -0,0 +1,152 @@
+<?php
+/**
+*
+* @package phpBB3
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* @package crypto
+*/
+class phpbb_crypto_driver_salted_md5 extends phpbb_crypto_driver_base
+{
+	const PREFIX = '$H$';
+
+	/**
+	* @inheritdoc
+	*/
+	public function get_prefix()
+	{
+		return self::PREFIX;
+	}
+
+	/**
+	* @inheritdoc
+	*/
+	public function get_type()
+	{
+		return get_class($this);
+	}
+
+	/**
+	* @inheritdoc
+	*/
+	public function hash($password, $setting = '')
+	{
+		if ($setting != '')
+		{
+			if (($settings = $this->get_hash_settings($setting)) === false)
+			{
+				return false;
+			}
+		}
+		else
+		{
+			if (($settings = $this->get_hash_settings($this->generate_salt())) === false)
+			{
+				return false;
+			}
+		}
+
+		$hash = md5($settings['salt'] . $password, true);
+		do
+		{
+			$hash = md5($hash . $password, true);
+		}
+		while (--$settings['count']);
+
+		$output = $settings['full'];
+		$output .= $this->helper->hash_encode64($hash, 16);
+
+		if (strlen($output) == 34)
+		{
+			return $output;
+		}
+
+		// Should we really just return the md5 of the password? O.o
+		return md5($password);
+	}
+
+	/**
+	* @inheritdoc
+	*/
+	public function check($password, $hash)
+	{
+		if (strlen($hash) !== 34)
+		{
+			return (md5($password) === $hash) ? true : false;
+		}
+		// No need to check prefix, already did that in manage
+
+		if ($hash === $this->hash($password, $hash))
+		{
+			return true;
+		}
+		return false;
+	}
+
+	/**
+	* Generate salt for hashing method
+	*
+	* @return string Salt for hashing method
+	*/
+	protected function generate_salt()
+	{
+		$salt = '';
+		$random = '';
+		$count = 6;
+
+		$random = $this->helper->get_random_salt($count);
+
+		$salt = $this->get_prefix();
+		$salt .= $this->helper->itoa64[min($count + 5, 30)];
+		$salt .= $this->helper->hash_encode64($random, $count);
+
+		return $salt;
+	}
+
+	/**
+	* Get hash settings
+	*
+	* @return array Array containing the count_log2, salt, and full hash
+	*		settings string
+	*/
+	public function get_hash_settings($hash)
+	{
+		if (empty($hash))
+		{
+			return false;
+		}
+		$count_log2 = strpos($this->helper->itoa64, $hash[3]);
+		$salt = substr($hash, 4, 8);
+
+		if ($count_log2 < 7 || $count_log2 > 30 || strlen($salt) != 8)
+		{
+			return false;
+		}
+
+		return array(
+			'count'	=> 1 << $count_log2,
+			'salt'	=> $salt,
+			'full'	=> substr($hash, 0, 12),
+		);
+	}
+
+	/**
+	* @inheritdoc
+	*/
+	public function get_settings_only($hash, $full = false)
+	{
+		return substr($hash, 3, 9);
+	}
+}
diff --git a/phpBB/phpbb/crypto/helper.php b/phpBB/phpbb/crypto/helper.php
new file mode 100644
index 0000000000..9c802b3c01
--- /dev/null
+++ b/phpBB/phpbb/crypto/helper.php
@@ -0,0 +1,194 @@
+<?php
+/**
+*
+* @package phpBB3
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* @package crypto
+*/
+class phpbb_crypto_helper
+{
+	/**
+	* @var phpbb_crypto_manager
+	*/
+	protected $manager;
+
+	/**
+	* @var phpbb_container
+	*/
+	protected $container;
+
+	/**
+	* Construct a phpbb_crypto_helper object
+	*
+	* @param phpbb_crypto_manager $manager Crypto manager object
+	* @param phpbb_container $container phpBB container object
+	*/
+	public function __construct($manager, $container)
+	{
+		$this->manager = $manager;
+		$this->container = $container;
+	}
+
+	/**
+	* Get hash settings from combined hash
+	*
+	* @param string $hash Password hash of combined hash
+	*
+	* @return array An array containing the hash settings for the hash
+	*		types in successive order as described by the comined
+	*		password hash
+	*/
+	protected function get_combined_hash_settings($hash)
+	{
+		preg_match('#^\$([a-zA-Z0-9\\\]*?)\$#', $hash, $match);
+		$hash_settings = substr($hash, strpos($hash, $match[1]) + strlen($match[1]) + 1);
+		$matches = explode('\\', $match[1]);
+		foreach ($matches as $cur_type)
+		{
+			$dollar_position = strpos($hash_settings, '$');
+			$output[] = substr($hash_settings, 0, ($dollar_position != false) ? $dollar_position : strlen($hash_settings));
+			$hash_settings = substr($hash_settings, $dollar_position + 1);
+		}
+
+		return $output;
+	}
+
+	/**
+	* Create combined hash from already hashed password
+	*
+	* @param string $password_hash Complete current password hash
+	* @param string $type Type of the hashing algorithm the password hash
+	*		should be combined with
+	* @return string|bool Combined password hash if combined hashing was
+	*		successful, else false
+	*/
+	public function combined_hash_password($password_hash, $type)
+	{
+		$data = array(
+			'prefix' => '$',
+			'settings' => '$',
+		);
+		$hash_settings = $this->get_combined_hash_settings($password_hash);
+		$hash = $hash_settings[0];
+
+		// Put settings of current hash into data array
+		$stored_hash_type = $this->manager->get_hashing_algorithm($password_hash);
+		$this->combine_hash_output($data, 'prefix', $stored_hash_type->get_prefix());
+		$this->combine_hash_output($data, 'settings', $stored_hash_type->get_settings_only($password_hash));
+
+		// Hash current hash with the defined types
+		foreach ($type as $cur_type)
+		{
+			$new_hash_type = $this->container->get($cur_type);
+			$new_hash = $new_hash_type->hash(str_replace($stored_hash_type->get_settings_only($password_hash), '', $hash));
+			$this->combine_hash_output($data, 'prefix', $new_hash_type->get_prefix());
+			$this->combine_hash_output($data, 'settings', substr(str_replace('$', '\\', $new_hash_type->get_settings_only($new_hash, true)), 0));
+			$hash = str_replace($new_hash_type->get_settings_only($new_hash), '', $this->obtain_hash_only($new_hash));
+		}
+		return $this->combine_hash_output($data, 'hash', $hash);
+	}
+
+	/**
+	* Check combined password hash against the supplied password
+	*
+	* @param string $password Password entered by user
+	* @param array $stored_hash_type An array containing the hash types
+	*				as described by stored password hash
+	* @param string $hash Stored password hash
+	*
+	* @return bool True if password is correct, false if not
+	*/
+	public function check_combined_hash($password, $stored_hash_type, $hash)
+	{
+		$cur_hash = '';
+		$i = 0;
+		$data = array(
+			'prefix' => '$',
+			'settings' => '$',
+		);
+		$hash_settings = $this->get_combined_hash_settings($hash);
+		foreach ($stored_hash_type as $key => $hash_type)
+		{
+			$rebuilt_hash = $this->rebuild_hash($hash_type->get_prefix(), $hash_settings[$i]);
+			$this->combine_hash_output($data, 'prefix', $key);
+			$this->combine_hash_output($data, 'settings', $hash_settings[$i]);
+			$cur_hash = $hash_type->hash($password, $rebuilt_hash);
+			$password = str_replace($rebuilt_hash, '', $cur_hash);
+			$i++;
+		}
+		return ($hash === $this->combine_hash_output($data, 'hash', $password));
+	}
+
+	/**
+	* Combine hash prefixes, settings, and actual hash
+	*
+	* @param array $data Array containing the keys 'prefix' and 'settings'.
+	*			It will hold the prefixes and settings
+	* @param string $type Data type of the supplied value
+	* @param string $value Value that should be put into the data array
+	*
+	* @return string|none Return complete combined hash if type is neither
+	*			'prefix' nor 'settings', nothing if it is
+	*/
+	protected function combine_hash_output(&$data, $type, $value)
+	{
+		if ($type == 'prefix')
+		{
+			$data[$type] .= ($data[$type] !== '$') ? '\\' : '';
+			$data[$type] .= str_replace('$', '', $value);
+		}
+		elseif ($type == 'settings')
+		{
+			$data[$type] .= ($data[$type] !== '$') ? '$' : '';
+			$data[$type] .= $value;
+		}
+		else
+		{
+			// Return full hash
+			return $data['prefix'] . $data['settings'] . '$' . $value;
+		}
+	}
+
+	/**
+	* Rebuild hash for hashing functions
+	*
+	* @param string $prefix Hash prefix
+	* @param string $settings Hash settings
+	*
+	* @return string Rebuilt hash for hashing functions
+	*/
+	protected function rebuild_hash($prefix, $settings)
+	{
+		$rebuilt_hash = $prefix;
+		if (strpos($settings, '\\') !== false)
+		{
+			$settings = str_replace('\\', '$', $settings);
+		}
+		$rebuilt_hash .= $settings;
+		return $rebuilt_hash;
+	}
+
+	/**
+	* Obtain only the actual hash after the prefixes
+	*
+	* @param string		$hash The full password hash
+	* @return string	Actual hash (incl. settings)
+	*/
+	protected function obtain_hash_only($hash)
+	{
+		return substr($hash, strripos($hash, '$') + 1);
+	}
+}
diff --git a/phpBB/phpbb/crypto/manager.php b/phpBB/phpbb/crypto/manager.php
new file mode 100644
index 0000000000..753a86ae84
--- /dev/null
+++ b/phpBB/phpbb/crypto/manager.php
@@ -0,0 +1,206 @@
+<?php
+/**
+*
+* @package phpBB3
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* @package crypto
+*/
+class phpbb_crypto_manager
+{
+	/**
+	* Default hashing method
+	*/
+	protected $type = false;
+
+	/**
+	* Hashing algorithm types
+	*/
+	protected $type_map = false;
+
+	/**
+	* Password convert flag. Password should be converted
+	*/
+	public $convert_flag = false;
+
+	/**
+	* Crypto helper
+	* @var phpbb_crypto_helper
+	*/
+	protected $helper;
+
+	/**
+	* phpBB configuration
+	* @var phpbb_config
+	*/
+	protected $config;
+
+	/**
+	* phpBB compiled container
+	* @var service_container
+	*/
+	protected $container;
+
+	/**
+	* Construct a crypto object
+	*
+	* @param phpbb_config $config phpBB configuration
+	*/
+	public function __construct($config, $container, $hashing_algorithms)
+	{
+		$this->config = $config;
+		$this->container = $container;
+		$this->type = 'crypto.driver.bcrypt_2y'; // might want to make this flexible
+
+		$this->fill_type_map($hashing_algorithms);
+		$this->load_crypto_helper();
+	}
+
+	/**
+	* Fill algorithm type map
+	*
+	* @param phpbb_di_service_collection $hashing_algorithms
+	*/
+	protected function fill_type_map($hashing_algorithms)
+	{
+		foreach ($hashing_algorithms as $algorithm)
+		{
+			if (!isset($this->type_map[$algorithm->get_prefix()]))
+			{
+				$this->type_map[$algorithm->get_prefix()] = $algorithm;
+			}
+		}
+	}
+
+	/**
+	* Load crypto helper class
+	*/
+	protected function load_crypto_helper()
+	{
+		if ($this->helper === null)
+		{
+			$this->helper = new phpbb_crypto_helper($this, $this->container);
+		}
+	}
+
+	/**
+	* Get the hash type from the supplied hash
+	*
+	* @param string $hash Password hash that should be checked
+	*
+	* @return object The hash type object
+	*/
+	public function get_hashing_algorithm($hash)
+	{
+		/*
+		* preg_match() will also show hashing algos like $2a\H$, which
+		* is a combination of bcrypt and phpass. Legacy algorithms
+		* like md5 will not be matched by this and need to be treated
+		* differently.
+		*/
+		if (!preg_match('#^\$([a-zA-Z0-9\\\]*?)\$#', $hash, $match))
+		{
+			return $this->type_map['$H$'];
+		}
+
+		// Be on the lookout for multiple hashing algorithms
+		// 2 is correct: H\2a > 2, H\P > 2
+		if (strlen($match[1]) > 2)
+		{
+			$hash_types = explode('\\', $match[1]);
+			$return_ary = array();
+			foreach ($hash_types as $type)
+			{
+				if (isset($this->type_map["\${$type}\$"]))
+				{
+					// we do not support the same hashing
+					// algorithm more than once
+					if (isset($return_ary[$type]))
+					{
+						return false;
+					}
+					$return_ary[$type] = $this->type_map["\${$type}\$"];
+				}
+				else
+				{
+					return false;
+				}
+			}
+			return $return_ary;
+		}
+		if (isset($this->type_map[$match[0]]))
+		{
+			return $this->type_map[$match[0]];
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	/**
+	* Hash supplied password
+	*
+	* @param string $password Password that should be hashed
+	* @param string $type Hash type. Will default to standard hash type if
+	*			none is supplied
+	* @return string|bool Password hash of supplied password or false if
+	*			if something went wrong during hashing
+	*/
+	public function hash_password($password, $type = '')
+	{
+		$type = ($type === '') ? $this->type : $type;
+
+		if (is_array($type))
+		{
+			return $this->helper->combined_hash_password($password, $type);
+		}
+
+		$hashing_algorithm = $this->container->get($type);
+		// Do not support 8-bit characters with $2a$ bcrypt
+		if ($type === 'crypto.driver.bcrypt' || ($type === 'crypto.driver.bcrypt_2y' && !$hashing_algorithm->is_supported()))
+		{
+			if (ord($password[strlen($password)-1]) & 128)
+			{
+				return false;
+			}
+		}
+
+		return $this->container->get($type)->hash($password);
+	}
+
+	public function check_hash($password, $hash)
+	{
+		// First find out what kind of hash we're dealing with
+		$stored_hash_type = $this->get_hashing_algorithm($hash);
+		if ($stored_hash_type == false)
+		{
+			return false;
+		}
+
+		// Multiple hash passes needed
+		if (is_array($stored_hash_type))
+		{
+			return $this->helper->check_combined_hash($password, $stored_hash_type, $hash);
+		}
+
+		if ($stored_hash_type->get_type() !== $this->type)
+		{
+			$this->convert_flag = true;
+		}
+
+		return $stored_hash_type->check($password, $hash);
+	}
+}
-- 
cgit v1.2.1