Fix default algorithm wrapping

dvz · Apr 11, 2017 · 13c251e · 13c251e
1 parent 8564d57
commit 13c251e
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 11 deletions.
diff --git a/inc/plugins/dvz_hash/algorithms/default_bcrypt.php b/inc/plugins/dvz_hash/algorithms/default_bcrypt.php
@@ -8,11 +8,13 @@ public static function create(string $plaintext): array
     {
         $passwordFields = \dvzHash\createPasswordDefault($plaintext);
 
-        $passwordFields = password_hash($passwordFields['password'], PASSWORD_BCRYPT, [
+        $hash = password_hash($passwordFields['password'], PASSWORD_BCRYPT, [
             'cost' => (int)\dvzHash\getSettingValue('bcrypt_cost'),
         ]);
 
-        return $passwordFields;
+        return array_merge($passwordFields, [
+            'password' => $hash,
+        ]);
     }
 
     public static function verify(string $plaintext, array $passwordFields): bool
@@ -21,7 +23,7 @@ public static function verify(string $plaintext, array $passwordFields): bool
             'password_algorithm_force' => 'default',
         ]);
 
-        return password_verify($stringPrehashed, $passwordFields['password']);
+        return password_verify($stringPrehashed['password'], $passwordFields['password']);
     }
 
     public static function needsRehash(array $passwordFields): bool
@@ -36,10 +38,12 @@ public static function needsRehash(array $passwordFields): bool
 
     public static function wrap(array $passwordFields): array
     {
-        $passwordFields = password_hash($passwordFields['password'], PASSWORD_BCRYPT, [
+        $hash = password_hash($passwordFields['password'], PASSWORD_BCRYPT, [
             'cost' => (int)\dvzHash\getSettingValue('bcrypt_cost'),
         ]);
 
-        return $passwordFields;
+        return [
+            'password' => $hash,
+        ];
     }
 }
diff --git a/inc/plugins/dvz_hash/core.php b/inc/plugins/dvz_hash/core.php
@@ -36,6 +36,8 @@ function wrapAlgorithm(string $toAlgorithm, array $passwordFields): array
 
         $passwordFields = $class::wrap($passwordFields);
 
+        $passwordFields['password_algorithm'] = $toAlgorithm;
+
         $passwordFields = \dvzHash\wrapPasswordFields($passwordFields);
 
         return $passwordFields;
@@ -104,6 +106,12 @@ function wrapUserPasswordAlgorithm(string $fromAlgorithm, string $toAlgorithm, i
         return false;
     }
 
+    if ($fromAlgorithm == 'default') {
+        $algorithmId = '';
+    } else {
+        $algorithmId = $fromAlgorithm;
+    }
+
     if ($limit) {
         $options = [
             'limit' => abs((int)$limit),
@@ -112,7 +120,7 @@ function wrapUserPasswordAlgorithm(string $fromAlgorithm, string $toAlgorithm, i
         $options = [];
     }
 
-    $query = $db->simple_select('users', 'uid,password,password_encryption', "password_algorithm='" . $db->escape_string($fromAlgorithm) . "' AND password_downgraded=''", $options);
+    $query = $db->simple_select('users', 'uid,password,password_encryption', "password_algorithm='" . $db->escape_string($algorithmId) . "' AND password_downgraded=''", $options);
 
     while ($row = $db->fetch_array($query)) {
         $passwordFields = \dvzHash\wrapAlgorithm($toAlgorithm, $row);

diff --git a/inc/plugins/dvz_hash/hooks_acp.php b/inc/plugins/dvz_hash/hooks_acp.php
@@ -51,7 +51,7 @@ function admin_load()
             $page->output_header($lang->dvz_hash_admin);
             $page->output_nav_tabs($sub_tabs, 'overview');
 
-            $usedKnownAlgorithms = [];
+            $wrapCandidateAlgorithms = [];
 
             $query = $db->simple_select('users', 'COUNT(uid) AS n, password_algorithm', '', [
                 'group_by' => 'password_algorithm',
@@ -63,11 +63,15 @@ function admin_load()
             $table->construct_header($lang->dvz_hash_admin_algorithm_known, ['width' => '25%', 'class' => 'align_center']);
 
             while ($row = $db->fetch_array($query)) {
-                $name = $row['password_algorithm'] === '' ? $lang->dvz_hash_admin_algorithm_default : htmlspecialchars_uni($row['password_algorithm']);
+                if ($row['password_algorithm'] === '') {
+                    $name = $lang->dvz_hash_admin_algorithm_default;
+                    $wrapCandidateAlgorithms[] = 'default';
+                } else {
+                    $name = htmlspecialchars_uni($row['password_algorithm']);
+                    $wrapCandidateAlgorithms[] = $row['password_algorithm'];
+                }
 
                 if (\dvzHash\isKnownAlgorithm($row['password_algorithm'])) {
-                    $usedKnownAlgorithms[] = $row['password_algorithm'];
-
                     $recognized = $lang->yes;
                 } else {
                     $recognized = $lang->no;
@@ -79,6 +83,7 @@ function admin_load()
                 $table->construct_row();
             }
 
+
             $table->output($lang->dvz_hash_admin_algorithms_overview);
 
             // conversion
@@ -90,7 +95,7 @@ function admin_load()
             $form_container->output_row_header($lang->dvz_hash_admin_wrap_algorithm_per_page, ['style' => 'width: 30%;']);
             $form_container->output_row_header('&nbsp;', ['style' => 'width: 10%;']);
 
-            $form_container->output_cell($form->generate_select_box('algorithm', array_combine($usedKnownAlgorithms, $usedKnownAlgorithms)));
+            $form_container->output_cell($form->generate_select_box('algorithm', array_combine($wrapCandidateAlgorithms, $wrapCandidateAlgorithms)));
             $form_container->output_cell($form->generate_select_box('to_algorithm', \dvzHash\getAlgorithmSelectArray()));
             $form_container->output_cell($form->generate_numeric_field('per_page', 100, ['style' => 'width: 150px;', 'min' => 0]));
             $form_container->output_cell($form->generate_submit_button($lang->go, ['name' => 'wrap_algorithm']));