in functions.php found in install/update/new/includes/ directory are some functions that handle password and hashing:
phpbb_hash - hash the password
phpbb_check_hash - check for correct password
_hash_gensalt_private - Generate salt for hash generation
_hash_encode64 - Encode hash
_hash_crypt_private - The crypt function/replacement
Before the first function is this information:
* @version Version 0.1 / $Id: functions.php,v 1.640 2007/10/09 21:04:21 kellanved Exp $
* Portable PHP password hashing framework.
* Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in
* the public domain.
* There's absolutely no warranty.
* The homepage URL for this framework is:
* Please be sure to update the Version line if you edit this file in any way.
* It is suggested that you leave the main version number intact, but indicate
* your project name (after the slash) and add your own revision information.
* Please do not change the "private" password hashing method implemented in
* here, thereby making your hashes incompatible. However, if you must, please
* change the hash type identifier (the "$P$") to something different.
* Obviously, since this code is in the public domain, the above are not
* requirements (there can be none), but merely suggestions.
I have not figured out how to use all these yet. Is it possible to just include functions.php and call the function like "phpbb_check_hash($password)" or do we just has the password with phpbb_hash and check that against the value stored in the DB?