so, i'm just over to try a snippet code, that should check for correct phpBB hashed
bcrypt passw.
The passw i test is the same as last day, so:
zVg%)4hK$wvDhEmr^?=)&
I've try out a simply class, that is the phpBB brcypt.php little modified to get only the necessary to check the hash against a plain password.
I've try to look values passed to
crypt() into phpBB
hash(), that of course return his correct hashed passw in phpBB after
The same values, in the external snippet class i've do, but also on this, where from maybe
bcrypt phpBB class come from (or maybe not):
https://github.com/cosenary/Bcrypt-PHP-Class
are passed to
crypt() into his analogue
hash() call to re-hash passw and check against.
The resulting salt, as on phpBB for password
zVg%)4hK$wvDhEmr^?=)& is:
$2y$10$fYJ2TnS2hlCG1XVGuCWXsu
but my snippet class code, and also the linked class class above, after
crypt()
into
public function hash($password, $salt = '')
where same values are passed at this point, as on phpBB, plain pass and salt, return a different result:
on my snippet code and the linked class both return:
hash = $2y$10$fYJ2TnS2hlCG1XVGuCWXsunA9bIS9Feok1A1k8hhNF5VAM3FBNblO
On phpBB after crypt($password, $salt) return:
hash = $2y$10$fYJ2TnS2hlCG1XVGuCWXsuIMWDG6iN3ky.UnINT5H6ibXMpRkQfeu
any hint?