--- /dev/null
+<?php
+namespace wcf\system\user\authentication\password\algorithm;
+use wcf\system\user\authentication\password\IPasswordAlgorithm;
+
+/**
+ * Implementation of the password algorithm for phpFox 3.x.
+ *
+ * @author Joshua Ruesweg
+ * @copyright 2001-2020 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @package WoltLabSuite\Core\System\User\Authentication\Password\Algorithm
+ * @since 5.4
+ */
+final class Phpfox3 implements IPasswordAlgorithm {
+ /**
+ * @inheritDoc
+ */
+ public function verify(string $password, string $hash): bool {
+ [$hash, $salt] = explode(':', $hash, 2);
+
+ return \hash_equals($hash, $this->hashWithSalt($password, $salt));
+ }
+
+ /**
+ * @inheritDoc
+ */
+ public function hash(string $password): string {
+ $salt = \bin2hex(\random_bytes(20));
+
+ return $this->hashWithSalt($password, $salt).':'.$salt;
+ }
+
+ /**
+ * Returns the hashed password, hashed with a given salt.
+ */
+ private function hashWithSalt(string $password, string $salt): string {
+ return \md5(\md5($password) . \md5($salt));
+ }
+
+ /**
+ * @inheritDoc
+ */
+ public function needsRehash(string $hash): bool {
+ return false;
+ }
+}
}
/**
- * Validates the password hash for phpFox 3.x
- * Merge phpfox_user.password and phpfox_user.password_salt with ':' before importing all data row values
- * See PasswordUtil::checkPassword() for more info
- *
- * @param string $username
- * @param string $password
- * @param string $salt
- * @param string $dbHash
- * @return boolean
+ * @deprecated 5.4 - Use the new password algorithm framework in \wcf\system\user\authentication\password\*.
*/
protected static function phpfox3($username, $password, $salt, $dbHash) {
if (\hash_equals($dbHash, md5(md5($password) . md5($salt)))) {
projects / GitHub / WoltLab / WCF.git / commitdiff