Support b and x variants for bcrypt hashes

Prompted by https://forum.dokuwiki.org/d/22108-authpdo-with-postgres-and-lemmy/3 As stated on https://stackoverflow.com/a/36225192 > there is no difference between 2, 2a, 2x, 2y, and 2b. If you wrote your > implementation correctly, they all output the same result.
dokuwiki · Mar 13, 2024 · dfaf074 · dfaf074
1 parent 4d2a091
commit dfaf074
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/_test/tests/inc/auth_password.test.php b/_test/tests/inc/auth_password.test.php
@@ -24,7 +24,6 @@ public function hashes() {
             array('kmd5', 'a579299436d7969791189acadd86fcb716'),
             array('djangomd5', 'md5$abcde$d0fdddeda8cd92725d2b54148ac09158'),
             array('djangosha1', 'sha1$abcde$c8e65a7f0acc9158843048a53dcc5a6bc4d17678'),
-
         );
 
         if(defined('CRYPT_SHA512') && CRYPT_SHA512 == 1) {
@@ -81,6 +80,7 @@ function test_bcrypt_self() {
 
     function test_verifyPassword_fixedbcrypt() {
         $this->assertTrue(auth_verifyPassword('foobcrypt', '$2a$12$uTWercxbq4sjp2xAzv3we.ZOxk51m5V/Bv5bp2H27oVFJl5neFQoC'));
+        $this->assertTrue(auth_verifyPassword('lemmybcrypt12hash', '$2b$12$zMBuY6QAGXuT6elIbadavO1JTI6DfaGe1MpfBthG/nt6mkodwmKAi'));
     }
 
     function test_verifyPassword_nohash() {

diff --git a/inc/PassHash.php b/inc/PassHash.php
@@ -77,7 +77,7 @@ public function verify_hash($clear, $hash)
         } elseif (preg_match('/^md5\$(.{5})\$/', $hash, $m)) {
             $method = 'djangomd5';
             $salt   = $m[1];
-        } elseif (preg_match('/^\$2(a|y)\$(.{2})\$/', $hash, $m)) {
+        } elseif (preg_match('/^\$2([abxy])\$(.{2})\$/', $hash, $m)) {
             $method = 'bcrypt';
             $salt   = $hash;
         } elseif (str_starts_with($hash, '{SSHA}')) {