diff --git a/src/Password/Apache.php b/src/Password/Apache.php
index 9a9cf43..7a0cd12 100644
--- a/src/Password/Apache.php
+++ b/src/Password/Apache.php
@@ -129,6 +129,7 @@ public function verify($password, $hash)
 $hash2 = '{SHA}' . base64_encode(sha1($password, true));
 return Utils::compareStrings($hash, $hash2);
 }
+
 if (substr($hash, 0, 6) === '$apr1$') {
 $token = explode('$', $hash);
 if (empty($token[2])) {
@@ -139,7 +140,10 @@ public function verify($password, $hash)
 $hash2 = $this->apr1Md5($password, $token[2]);
 return Utils::compareStrings($hash, $hash2);
 }
- if (strlen($hash) > 13) { // digest
+
+ $bcryptPattern = '/\$2[ay]?\$[0-9]{2}\$[' . addcslashes(static::BASE64, '+/') . '\.]{53}/';
+
+ if (strlen($hash) > 13 && ! preg_match($bcryptPattern, $hash)) { // digest
 if (empty($this->userName) || empty($this->authName)) {
 throw new Exception\RuntimeException(
 'You must specify UserName and AuthName (realm) to verify the digest'
@@ -148,6 +152,7 @@ public function verify($password, $hash)
 $hash2 = md5($this->userName . ':' . $this->authName . ':' .$password);
 return Utils::compareStrings($hash, $hash2);
 }
+
 return Utils::compareStrings($hash, crypt($password, $hash));
 }
diff --git a/test/Password/ApacheTest.php b/test/Password/ApacheTest.php
index c883bfb..091376c 100644
--- a/test/Password/ApacheTest.php
+++ b/test/Password/ApacheTest.php
@@ -10,6 +10,7 @@ namespace ZendTest\Crypt\Password;
 use Zend\Crypt\Password\Apache;
+use Zend\Crypt\Password\Bcrypt;
 use Zend\Crypt\Password\Exception;
 /**
@@ -175,4 +176,11 @@ public function testApr1Md5WrongSaltFormat()
 $this->apache->verify('myPassword', '$apr1$z0Hhe5Lq3$6YdJKbkrJg77Dvw2gpuSA1');
 $this->apache->verify('myPassword', '$apr1$z0Hhe5L&$6YdJKbkrJg77Dvw2gpuSA1');
 }
+
+ public function testCanVerifyBcryptHashes()
+ {
+ $bcrypt = new Bcrypt();
+ $hash = $bcrypt->create('myPassword');
+ $this->assertTrue($this->apache->verify('myPassword', $hash));
+ }
 }
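Review bot: The new `$bcryptPattern` in verify() is unanchored, so `preg_match` succeeds on any stored value that merely contains a bcrypt-shaped substring, and such a value longer than 13 characters is then sent to the final `crypt()` comparison instead of the digest branch. Anchoring both ends makes the classification exact: `$bcryptPattern = '/^\$2[ay]?\$[0-9]{2}\$[' . addcslashes(static::BASE64, '+/') . '\.]{53}$/D';`. The class `[ay]?` also leaves other bcrypt prefixes such as `$2x$` in the digest branch, where they either raise the UserName/AuthName exception or are compared against an MD5 digest and fail; if that is intended, a short comment above the pattern saying which prefixes are accepted would help. `static::BASE64` and the start and end of verify() lie outside this hunk, so the exact alphabet is assumed here.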
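Review bot: testCanVerifyBcryptHashes asserts only the accepting path, so a regression that makes verify() return true for every bcrypt-shaped hash would still pass. Add a rejecting case next to it, `$this->assertFalse($this->apache->verify('wrongPassword', $hash));`, and consider one assertion that a digest hash still reaches the digest branch now that it is guarded by `preg_match`. The hash comes from `new Bcrypt()` with default options, so the test covers only the prefix and cost that class emits by default.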