# HG changeset patch
# User Kim Alvefur
# Date 1462036185 -7200
# Node ID 28d99ffa3c061f8476c225c7064729b870eac874
# Parent 24dcf496df6be1aa793123db1e5d90b54af2486c
mod_auth_phpbb3: Add support for verifying bcrypt hashes (thanks bios)
diff -r 24dcf496df6b -r 28d99ffa3c06 mod_auth_phpbb3/README.markdown
--- a/mod_auth_phpbb3/README.markdown Wed Apr 27 21:48:13 2016 +0200
+++ b/mod_auth_phpbb3/README.markdown Sat Apr 30 19:09:45 2016 +0200
@@ -10,6 +10,11 @@
 This module allows you to authenticate against an PHPBB3 database.
+To support the `bcrypt` password hashing algorithm, install
+[bcrypt](https://luarocks.org/modules/mikejsavage/bcrypt) from luarocks:
+
+ luarocks install bcrypt
+
 Configuration
 =============
diff -r 24dcf496df6b -r 28d99ffa3c06 mod_auth_phpbb3/mod_auth_phpbb3.lua
--- a/mod_auth_phpbb3/mod_auth_phpbb3.lua Wed Apr 27 21:48:13 2016 +0200
+++ b/mod_auth_phpbb3/mod_auth_phpbb3.lua Sat Apr 30 19:09:45 2016 +0200
@@ -10,6 +10,7 @@
 local DBI = require "DBI"
 local md5 = require "util.hashes".md5;
 local uuid_gen = require "util.uuid".generate;
+local have_bcrypt, bcrypt = pcall(require, "bcrypt"); -- available from luarocks
 local connection;
 local params = module:get_option("sql");
@@ -176,7 +177,10 @@
 end
 local function phpbbCheckHash(password, hash)
 if #hash == 32 then return hash == md5(password, true); end -- legacy PHPBB2 hash
- return #hash == 34 and hashCryptPrivate(password, hash) == hash;
+ if #hash == 34 then return hashCryptPrivate(password, hash) == hash; end
+ if #hash == 60 and have_bcrypt then return bcrypt.verify(password, hash); end
+ module:log("error", "Unsupported hash: %s", hash);
+ return false;
 end
 local function phpbbCreateHash(password)
 local random = uuid_gen():sub(-6);
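Review bot: The outcome of the optional `require` on the added `have_bcrypt` line is never reported at load time, so a host without the bcrypt rock only shows the gap when a user with a bcrypt hash fails to log in. When the load fails, pcall places the error message in `bcrypt`, and nothing reads it afterwards. A warning right after this line would make the missing dependency visible to the operator, e.g. `if not have_bcrypt then module:log("warn", "bcrypt not available, bcrypt hashes will be rejected: %s", tostring(bcrypt)); end`.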
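Review bot: The new fallback `module:log("error", "Unsupported hash: %s", hash);` in phpbbCheckHash writes the stored password hash into the server log, which turns log access into access to crackable credential material. The same branch is reached for a 60-character hash whenever `have_bcrypt` is false, so on a host without the rock each login attempt by such a user would log that user's bcrypt hash. Non-secret metadata is enough to diagnose the case, e.g. `module:log("error", "Unsupported hash format (length %d, bcrypt available: %s)", #hash, tostring(have_bcrypt));`. Separately, the `#hash == 60` test recognises bcrypt by length alone; how `bcrypt.verify` handles a malformed 60-character value is not visible in this hunk and is worth confirming.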