Comparar contraseñas del phpbb3?

Foro destinado a los MODs en desarrollo para phpBB 2 por favor.
  Reglas del Foro
Antes de participar en los foros, leer esto por favor.
Normas generales de phpBB-Es y las de Soporte

No hay votos
Votos totales: 0

Mensajes: 1
Registrado: 11 Jul 2006, 04:40

Comparar contraseñas del phpbb3?


Mensaje por hitogoroshi »

Que tal amigos, e visto que phpbb3 usa su propio hash, buen en si usa un framework para los hash ya que ahi ponen todos los creditos pero parece que tienen un ligero cambio..... los que hayan visto porfavor pido su ayuda urgente, ya que me estoy separando del phpbb3 a mi propio sistema de foros, y quiero poder comparar las contraseñas.

Basicamente, esta es el script para las contraseñas a lo mejor falta algo mas, lo saque de functions.php

Código: Seleccionar todo

* @version Version 0.1 / slightly modified for phpBB 3.0.x (using $H$ as hash type identifier)
* Portable PHP password hashing framework.
* Written by Solar Designer <solar at> in 2004-2006 and placed in
* the public domain.
* There's absolutely no warranty.
* The homepage URL for this framework is:
* Please be sure to update the Version line if you edit this file in any way.
* It is suggested that you leave the main version number intact, but indicate
* your project name (after the slash) and add your own revision information.
* Please do not change the "private" password hashing method implemented in
* here, thereby making your hashes incompatible.  However, if you must, please
* change the hash type identifier (the "$P$") to something different.
* Obviously, since this code is in the public domain, the above are not
* requirements (there can be none), but merely suggestions.
* Hash the password
function phpbb_hash($password)
	$itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

	$random_state = unique_id();
	$random = '';
	$count = 6;

	if (($fh = @fopen('/dev/urandom', 'rb')))
		$random = fread($fh, $count);

	if (strlen($random) < $count)
		$random = '';

		for ($i = 0; $i < $count; $i += 16)
			$random_state = md5(unique_id() . $random_state);
			$random .= pack('H*', md5($random_state));
		$random = substr($random, 0, $count);

	$hash = _hash_crypt_private($password, _hash_gensalt_private($random, $itoa64), $itoa64);

	if (strlen($hash) == 34)
		return $hash;

	return md5($password);

* Check for correct password
* @param string $password The password in plain text
* @param string $hash The stored password hash
* @return bool Returns true if the password is correct, false if not.
function phpbb_check_hash($password, $hash)
	$itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
	if (strlen($hash) == 34)
		return (_hash_crypt_private($password, $hash, $itoa64) === $hash) ? true : false;

	return (md5($password) === $hash) ? true : false;

* Generate salt for hash generation
function _hash_gensalt_private($input, &$itoa64, $iteration_count_log2 = 6)
	if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31)
		$iteration_count_log2 = 8;

	$output = '$H$';
	$output .= $itoa64[min($iteration_count_log2 + ((PHP_VERSION >= 5) ? 5 : 3), 30)];
	$output .= _hash_encode64($input, 6, $itoa64);

	return $output;

* Encode hash
function _hash_encode64($input, $count, &$itoa64)
	$output = '';
	$i = 0;

		$value = ord($input[$i++]);
		$output .= $itoa64[$value & 0x3f];

		if ($i < $count)
			$value |= ord($input[$i]) << 8;

		$output .= $itoa64[($value >> 6) & 0x3f];

		if ($i++ >= $count)

		if ($i < $count)
			$value |= ord($input[$i]) << 16;

		$output .= $itoa64[($value >> 12) & 0x3f];

		if ($i++ >= $count)

		$output .= $itoa64[($value >> 18) & 0x3f];
	while ($i < $count);

	return $output;

* The crypt function/replacement
function _hash_crypt_private($password, $setting, &$itoa64)
	$output = '*';

	// Check for correct hash
	if (substr($setting, 0, 3) != '$H$')
		return $output;

	$count_log2 = strpos($itoa64, $setting[3]);

	if ($count_log2 < 7 || $count_log2 > 30)
		return $output;

	$count = 1 << $count_log2;
	$salt = substr($setting, 4, 8);

	if (strlen($salt) != 8)
		return $output;

	* We're kind of forced to use MD5 here since it's the only
	* cryptographic primitive available in all versions of PHP
	* currently in use.  To implement our own low-level crypto
	* in PHP would result in much worse performance and
	* consequently in lower iteration counts and hashes that are
	* quicker to crack (by non-PHP code).
	if (PHP_VERSION >= 5)
		$hash = md5($salt . $password, true);
			$hash = md5($hash . $password, true);
		while (--$count);
		$hash = pack('H*', md5($salt . $password));
			$hash = pack('H*', md5($hash . $password));
		while (--$count);

	$output = substr($setting, 0, 12);
	$output .= _hash_encode64($hash, 16, $itoa64);

	return $output;

//LLamando a la funcion phpbb_check_hash pero no funciona :_S
print var_dump(phpbb_check_hash("howe","$H$7oO6hHK4TGXzA79gReEUAHklUOmuSc1"));
Ok lo hago que es usar la funcion phpbb_check_hash que retorna un valor boolean, pero siempre me sale FALSE y nose como hacer para que bote TRUE

Les doy dos datos correctos....

Password: howe
Hash: $H$7oO6hHK4TGXzA79gReEUAHklUOmuSc1

El primero es el password normal, y el otro despues de haber pasado por las funciones de hash


Volver a “Desarrollo de MODs phpBB 2”