X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/11be8dc178e77d0b46189bbd8e33a216a9b90942..baca9ce86a38dc54c4574890ee2d352fd81f78b2:/wp-includes/class-phpass.php
diff --git a/wp-includes/class-phpass.php b/wp-includes/class-phpass.php
index 93f4536c..2fed5d76 100644
--- a/wp-includes/class-phpass.php
+++ b/wp-includes/class-phpass.php
@@ -3,13 +3,13 @@
  * Portable PHP password hashing framework.
  * @package phpass
  * @since 2.5
- * @version 0.1
+ * @version 0.3 / WordPress
  * @link http://www.openwall.com/phpass/
  */
 #
 # Written by Solar Designer in 2004-2006 and placed in
-# the public domain.
+# the public domain. Revised in subsequent years, still public domain.
 #
 # There's absolutely no warranty.
 #
@@ -29,7 +29,7 @@
  * Portable PHP password hashing framework.
  *
  * @package phpass
- * @version 0.1 / genuine
+ * @version 0.3 / WordPress
  * @link http://www.openwall.com/phpass/
  * @since 2.5
  */
@@ -49,14 +49,14 @@ class PasswordHash {
  $this->portable_hashes = $portable_hashes;
- $this->random_state = microtime() . (function_exists('getmypid') ? getmypid() : '') . uniqid(rand(), TRUE);
-
+ $this->random_state = microtime() . uniqid(rand(), TRUE); // removed getmypid() for compatibility reasons
  }
  function get_random_bytes($count)
  {
  $output = '';
- if (($fh = @fopen('/dev/urandom', 'rb'))) {
+ if ( @is_readable('/dev/urandom') &&
+ ($fh = @fopen('/dev/urandom', 'rb'))) {
  $output = fread($fh, $count);
  fclose($fh);
  }
@@ -114,7 +114,9 @@ class PasswordHash {
  if (substr($setting, 0, 2) == $output)
  $output = '*1';
- if (substr($setting, 0, 3) != '$P$')
+ $id = substr($setting, 0, 3);
+ # We use "$P$", phpBB3 uses "$H$" for the same thing
+ if ($id != '$P$' && $id != '$H$')
  return $output;
  $count_log2 = strpos($this->itoa64, $setting[3]);
@@ -251,7 +253,7 @@ class PasswordHash {
  if ($hash[0] == '*')
  $hash = crypt($password, $stored_hash);
- return $hash == $stored_hash;
+ return $hash === $stored_hash;
  }
 }
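Review bot: In the `@@ -49,14 +49,14 @@` hunk, the new `random_state` line drops the process id from a seed that was already built only from guessable values (`microtime()`, `uniqid(rand(), TRUE)`), and the trailing comment records the compatibility reason but not that consequence. In get_random_bytes() both `is_readable()` and `fopen()` are silenced with `@`, so a host where /dev/urandom is blocked presumably ends up on whatever fallback uses this state, with no signal to the operator. I would document that at the assignment, e.g. `// Fallback seed only: time-derived and guessable; salts should come from /dev/urandom whenever it is readable.` Both functions continue outside the hunk, so the fallback path itself is not visible here.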
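Review bot: In the `@@ -114,7 +114,9 @@` hunk, the new prefix test still uses loose comparison, while the last hunk of this same commit moves the final hash check to `===`; for consistency I would write `if ($id !== '$P$' && $id !== '$H$')`. The following context line reads `$setting[3]` with no length check on `$setting` visible here, so it is worth confirming that a stored value of exactly three characters is rejected rather than indexed. The comment could also say that `$H$` is accepted only so that imported phpBB3 hashes verify, if that is the intent. The enclosing function starts and ends outside the hunk.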
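Review bot: In the `@@ -251,7 +253,7 @@` hunk, the switch to `===` carries no comment saying why it matters, so a later cleanup could quietly revert it; I would add `// Strict comparison: with == two numeric-looking strings are compared as numbers, not byte for byte.` above the return. The comparison is also not constant-time. Where the runtime provides it, `hash_equals($stored_hash, $hash)` would be the safer form, guarded by an `is_string($hash)` check in case `crypt()` fails. The method begins outside the hunk.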