From 0510bc056b60e39027f366ad1e76a9adfea48cf6 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?= <duesterhus@woltlab.com>
Date: Thu, 28 Apr 2022 14:16:41 +0200
Subject: [PATCH] Explicitly implement `Phpass::hash()` and
 `Phpass::needsRehash()`

They don't really belong into the `TPhpass` trait.
---
 .../password/algorithm/Phpass.class.php       | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Phpass.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Phpass.class.php
index 575a3e07ea..9ed648f762 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Phpass.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Phpass.class.php
@@ -2,6 +2,7 @@
 
 namespace wcf\system\user\authentication\password\algorithm;
 
+use ParagonIE\ConstantTime\Hex;
 use wcf\system\user\authentication\password\IPasswordAlgorithm;
 
 /**
@@ -16,4 +17,32 @@ use wcf\system\user\authentication\password\IPasswordAlgorithm;
 final class Phpass implements IPasswordAlgorithm
 {
     use TPhpass;
+
+    private const COSTS = 10;
+
+    /**
+     * @inheritDoc
+     */
+    public function hash(string $password): string
+    {
+        $salt = Hex::encode(\random_bytes(4));
+
+        return $this->hashPhpass($password, $this->getSettings() . $salt) . ':';
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function needsRehash(string $hash): bool
+    {
+        return !\str_starts_with($hash, $this->getSettings());
+    }
+
+    /**
+     * Returns the settings prefix with the algorithm identifier and costs.
+     */
+    private function getSettings(): string
+    {
+        return '$H$' . $this->itoa64[self::COSTS];
+    }
 }
-- 
2.20.1