From beafef00004007024d3c8c769d630d7d5ec9b698 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sat, 14 Sep 2013 14:17:14 +0200 Subject: [feature/passwords] Add missing function documentation Additionally, a new line has been added to make the code look nicer. PHPBB3-11610 --- phpBB/phpbb/passwords/manager.php | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'phpBB/phpbb') diff --git a/phpBB/phpbb/passwords/manager.php b/phpBB/phpbb/passwords/manager.php index 9477ef5c2b..da6d65c487 100644 --- a/phpBB/phpbb/passwords/manager.php +++ b/phpBB/phpbb/passwords/manager.php @@ -140,6 +140,7 @@ class phpbb_passwords_manager } return $return_ary; } + if (isset($this->type_map[$match[0]])) { return $this->type_map[$match[0]]; @@ -169,7 +170,9 @@ class phpbb_passwords_manager } $hashing_algorithm = $this->container->get($type); + // Do not support 8-bit characters with $2a$ bcrypt + // Also see http://www.php.net/security/crypt_blowfish.php if ($type === 'passwords.driver.bcrypt' || ($type === 'passwords.driver.bcrypt_2y' && !$hashing_algorithm->is_supported())) { if (ord($password[strlen($password)-1]) & 128) @@ -181,6 +184,14 @@ class phpbb_passwords_manager return $this->container->get($type)->hash($password); } + /** + * Check supplied password against hash and set convert_flag if password + * needs to be converted to different format (preferrably newer one) + * + * @param string $password Password that should be checked + * @param string $hash Stored hash + * @return string|bool True if password is correct, false if not + */ public function check_hash($password, $hash) { // First find out what kind of hash we're dealing with -- cgit v1.2.1