Skip to content
This repository has been archived by the owner on Jan 29, 2020. It is now read-only.

Commit

Permalink
Merge branch 'feature/7334' into develop
Browse files Browse the repository at this point in the history 
Close zendframework/zendframework#7334
  • Loading branch information
@weierophinney
weierophinney committed Mar 17, 2015
99 parents 7cd82d1 + 782c5c5 + 0d5bda3 + cf06367 + 9e95067 + b9e33a1 + 6c7e92b + d891fb7 + 7b113a6 + 15ac5dd + 05957dd + 9432969 + 69b18f8 + 6c20354 + b2e0c83 + 6228d00 + 1a4abea + e547383 + 1a897b1 + 77e02de + c70d6ac + b1ba719 + c9b431d + 0639e78 + dacba6f + 4060bf3 + c24286b + 68b9818 + 61ca1b9 + cbe8a27 + 0bf0647 + 6893542 + b251bdd + 9ecdb37 + 1b357ee + 4a7c17e + a40cc7f + a000f96 + fef31dc + 2b50632 + e854c8c + 450528a + 01abc0c + af61218 + 9cff8b8 + a212dd6 + ce1ba30 + 0394674 + 4c09673 + 448a566 + 90e44d3 + b9a7700 + a4681fc + 3419ed9 + 3771323 + ef6db4b + 204cdac + 70d5d09 + 86ed85d + f7bd947 + a1f37b9 + e5f62f2 + 2700205 + 3149eaf + df4d984 + bc54625 + eac67c3 + f021fa1 + f1a161a + 29824cb + b25223b + 3ebfe30 + 4f5c924 + e01927a + e3fb995 + 414cbca + f63c096 + 7d3ed79 + ff2b316 + 793a217 + 6016f73 + f40e1d4 + caff185 + 24f0ea7 + 49fc55c + 7e1ad2c + 348cdb0 + cf85271 + 9d21ca6 + f00c160 + 20c1363 + 0f044b4 + 7faa2b4 + 8db1d06 + 116347a + a307df4 + 09b193b + 336789f + 097faca commit 6757f6e
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 1 deletion.
7 changes: 6 additions & 1 deletion src/Password/Apache.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -129,6 +129,7 @@ public function verify($password, $hash)
$hash2 = '{SHA}' . base64_encode(sha1($password, true));
return Utils::compareStrings($hash, $hash2);
}

if (substr($hash, 0, 6) === '$apr1$') {
$token = explode('$', $hash);
if (empty($token[2])) {
Expand All @@ -139,7 +140,10 @@ public function verify($password, $hash)
$hash2 = $this->apr1Md5($password, $token[2]);
return Utils::compareStrings($hash, $hash2);
}
if (strlen($hash) > 13) { // digest

$bcryptPattern = '/\$2[ay]?\$[0-9]{2}\$[' . addcslashes(static::BASE64, '+/') . '\.]{53}/';

if (strlen($hash) > 13 && ! preg_match($bcryptPattern, $hash)) { // digest
if (empty($this->userName) || empty($this->authName)) {
throw new Exception\RuntimeException(
'You must specify UserName and AuthName (realm) to verify the digest'
Expand All @@ -148,6 +152,7 @@ public function verify($password, $hash)
$hash2 = md5($this->userName . ':' . $this->authName . ':' .$password);
return Utils::compareStrings($hash, $hash2);
}

return Utils::compareStrings($hash, crypt($password, $hash));
}

Expand Down
8 changes: 8 additions & 0 deletions test/Password/ApacheTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
namespace ZendTest\Crypt\Password;

use Zend\Crypt\Password\Apache;
use Zend\Crypt\Password\Bcrypt;
use Zend\Crypt\Password\Exception;

/**
Expand Down Expand Up @@ -175,4 +176,11 @@ public function testApr1Md5WrongSaltFormat()
$this->apache->verify('myPassword', '$apr1$z0Hhe5Lq3$6YdJKbkrJg77Dvw2gpuSA1');
$this->apache->verify('myPassword', '$apr1$z0Hhe5L&$6YdJKbkrJg77Dvw2gpuSA1');
}

public function testCanVerifyBcryptHashes()
{
$bcrypt = new Bcrypt();
$hash = $bcrypt->create('myPassword');
$this->assertTrue($this->apache->verify('myPassword', $hash));
}
}

0 comments on commit 6757f6e

Please sign in to comment.