-rw-r--r-- | lib/password.php | 18 | ||||
-rw-r--r-- | test/Unit/PasswordHashTest.php | 2 |
2 files changed, 16 insertions, 4 deletions
diff --git a/lib/password.php b/lib/password.php
index 0a8a348..33b9130 100644
--- a/lib/password.php
+++ b/lib/password.php
@@ -57,6 +57,7 @@ if (!defined('PASSWORD_DEFAULT')) {
 trigger_error(sprintf("password_hash(): Unknown password hashing algorithm: %s", $algo), E_USER_WARNING);
 return null;
 }
+ $salt_requires_encoding = false;
 if (isset($options['salt'])) {
 switch (gettype($options['salt'])) {
 case 'NULL':
@@ -81,7 +82,7 @@ if (!defined('PASSWORD_DEFAULT')) {
 trigger_error(sprintf("password_hash(): Provided salt is too short: %d expecting %d", PasswordCompat\binary\_strlen($salt), $required_salt_len), E_USER_WARNING);
 return null;
 } elseif (0 == preg_match('#^[a-zA-Z0-9./]+$#D', $salt)) {
- $salt = str_replace('+', '.', base64_encode($salt));
+ $salt_requires_encoding = true;
 }
 } else {
 $buffer = '';
@@ -120,7 +121,18 @@ if (!defined('PASSWORD_DEFAULT')) {
 }
 }
 }
- $salt = str_replace('+', '.', base64_encode($buffer));
+ $salt = $buffer;
+ $salt_requires_encoding = true;
+ }
+ if ($salt_requires_encoding) {
+ // encode string with the Base64 variant used by crypt
+ $base64_digits =
+ 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
+ $bcrypt64_digits =
+ './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+
+ $base64_string = base64_encode($salt);
+ $salt = strtr(rtrim($base64_string, '='), $base64_digits, $bcrypt64_digits);
 }
 $salt = PasswordCompat\binary\_substr($salt, 0, $required_salt_len);
@@ -261,4 +273,4 @@ namespace PasswordCompat\binary {
 return substr($binary_string, $start, $length);
 }
-}
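Review bot: The new `if ($salt_requires_encoding)` block in the third hunk changes which bcrypt salt a caller-supplied raw `salt` option maps to, and neither the comment nor anything else visible in the patch says so. The same option value now yields a different hash string, as the updated expectation in test/Unit/PasswordHashTest.php shows. Hashes already stored should still verify because the salt travels inside the hash, but code that recomputes a hash from a fixed salt and compares strings will stop matching, so this belongs in the changelog. The comment would be clearer as `// crypt() orders its digits "./A-Za-z0-9"; the old '+' -> '.' replacement kept base64's ordering, so re-map every digit`. `strtr()` ignores the surplus characters when its two maps differ in length, so hoisting the two 64-character alphabets into named constants would make a later typo easier to spot. The enclosing password_hash() body starts and ends outside these hunks.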
\ No newline at end of file
+}
diff --git a/test/Unit/PasswordHashTest.php b/test/Unit/PasswordHashTest.php
index 9e5e9ec..b7bbc48 100644
--- a/test/Unit/PasswordHashTest.php
+++ b/test/Unit/PasswordHashTest.php
@@ -22,7 +22,7 @@ class PasswordHashTest extends PHPUnit_Framework_TestCase {
 public function testRawSalt() {
 $hash = password_hash("test", PASSWORD_BCRYPT, array("salt" => "123456789012345678901" . chr(0)));
- $this->assertEquals('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', $hash);
+ $this->assertEquals('$2y$10$KRGxLBS0Lxe3KBCwKxOzLexLDeu0ZfqJAKTubOfy7O/yL2hjimw3u', $hash);
 }
 /** |
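Review bot: The updated literal in testRawSalt pins only the new salt encoding, and nothing visible in this hunk checks that a hash produced before the change still verifies. That should hold because the salt is embedded in the hash string, but it is worth pinning with `$this->assertTrue(password_verify("test", '$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y'));` so a later change to salt handling cannot silently reject existing credentials. A short comment above the expectation, saying the salt segment of the new value comes from the raw salt re-encoded in crypt's alphabet, would explain why the constant moved. A separate test for the generated-salt path, checking that the salt portion matches `[./A-Za-z0-9]{22}`, would cover the other branch this commit touches, if the suite does not already have one.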