I am trying to convert a test password (testing4) into a phpbb3 hash. This is the code I have tried:
<?php
/**
*
* @package phpBB3
* @version $Id: v3_dbal.xml 44 2007-07-25 11:06:55Z smithy_dll $
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/
/**
* @ignore
*/
define('IN_PHPBB', true);
include ("functions_phpbb.php");
$data['new_password'] = "testing4";
$user_row = array(
'user_password' => phpbb_hash($data['new_password'])
);
$hash = $user_row['user_password'];
echo $hash;
?>
and this doesn't work either:
$pass = "testing4";
$hash = phpbb_hash($pass);
Both times I recieve the following error message:
Fatal error: Call to a member function sql_escape() on a non-object in /home/a8544020/public_html/Pass/functions_phpbb.php on line 149
I have tried it on 2 different hosts without any luck. Otherwise is there an online service that simply converts text to the hash?
Thanks in advance
I'm assuming your functions_phpbb.php
file is a copy of the includes/functions.php
file of the phpBB3 package.
Now, the reason you are getting this error is because the phpbb_hash
function uses the phpBB unique_id
function for entropy, which depends on a database connection (to change and persist the entropy on every request).
There's two ways to fix this.
a) include phpBB's common.php
, which will bootstrap your code for phpBB (including db connection, error handlers, etc).
b) phpBB3 uses phpass for hashing. I suggest you simply download the standalone phpass package and use that to generate the hash.
Little caveat: phpBB3 changes the hash identifier from '$P$' to '$H$' (don't ask me why), so you will have to change this line:
$output = '$P$';
to:
$output = '$H$';
Since option a) adds quite some overhead, and you are probably only wanting to use the hashing functions, I'd suggest option b).
Maybe the other way. I have used the library from: http://www.openwall.com/phpass/ To make it working, you must change first 3 characters of generated HASH:
$P$
to
$H$
used in phpbb
I wonder why they run a password hash through a SQL escaping function.. but you could simply try defining that function as a dummy:
function sql_escape($str) { return $str; }