Explicitly implement `Phpass::hash()` and `Phpass::needsRehash()`

They don't really belong into the `TPhpass` trait.

diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Phpass.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Phpass.class.php
index 575a3e07eac21075c667c304929d4b8877f8c539..9ed648f762d67d05143e098513da6fe5c4a95f1c 100644 (file)
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Phpass.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Phpass.class.php
@@ -2,6 +2,7 @@
 
 namespace wcf\system\user\authentication\password\algorithm;
 
+use ParagonIE\ConstantTime\Hex;
 use wcf\system\user\authentication\password\IPasswordAlgorithm;
 
 /**
@@ -16,4 +17,32 @@ use wcf\system\user\authentication\password\IPasswordAlgorithm;
 final class Phpass implements IPasswordAlgorithm
 {
     use TPhpass;
+
+    private const COSTS = 10;
+
+    /**
+     * @inheritDoc
+     */
+    public function hash(string $password): string
+    {
+        $salt = Hex::encode(\random_bytes(4));
+
+        return $this->hashPhpass($password, $this->getSettings() . $salt) . ':';
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function needsRehash(string $hash): bool
+    {
+        return !\str_starts_with($hash, $this->getSettings());
+    }
+
+    /**
+     * Returns the settings prefix with the algorithm identifier and costs.
+     */
+    private function getSettings(): string
+    {
+        return '$H$' . $this->itoa64[self::COSTS];
+    }
 }