www programming

I've find out that there is still a problem about password when we go to change it in WP profile.
If it contain characters like the pass fail to be recognized in phpBB (if i try to login with this pass in phpBB). And viceversa.

the interesting is that hashes are correctly stored as same in any case. That let me at moment really confused.
anyone know how this could never happen?

When pass are changed, are correctly updated on both WP and phpBB (if on WP on fly, if done in phpBB when user come to login or as logged visit wp).

Added: but look below what happen, and why passwords aren't correctly recognized if:

(1.6.2 has just been released in the while)...

Test Pass:
zVg%)4hK$wvDhEmr^?=)&

changed/hashed on WP (updated, result same on both):

$2a$08$2aCqkcJYCM9lcUaZopqz2usSZoIb.Tw/Cj1e.1D8N7oWQzB4g7a1q
$2a$08$2aCqkcJYCM9lcUaZopqz2usSZoIb.Tw/Cj1e.1D8N7oWQzB4g7a1q

work if login on WP, fail phpBB


changed/hashed in phpBB (updated, result same on both with same test pass):

$2y$10$PCfuM2rQOTJNfJ01Ms0hfeSkGPnq9pVZ6/WIOvj/eUTGYpKha9i0O
$2y$10$PCfuM2rQOTJNfJ01Ms0hfeSkGPnq9pVZ6/WIOvj/eUTGYpKha9i0O

work if login phpBB, not work if login WP


password change in phpBB OR WP, a different pass like this (that not contain some chars type, and is correctly updated also in this case):
Test Pass:
zVg%)4hK$wvDhEm

Hashed and respectively tested on both:
work on both. Anyone have an idea?

the question has been fortunately kindly answered at phpBB.com:

phpBB no longer uses phpass, though we never supported the blowfish format of phpass. In phpBB 3.1, we moved to bcrypt and continue to use it: https://github.com/phpbb/phpbb/blob/3.2 ... bcrypt.php
While phpBB can support the $2a$ format of bcrypt, yours uses a cost factor of 8, while we require one of at least 10. That would cause the password hash to be recomputed and converted to the $2y$ format, which Wordpress would not be able to use.

https://www.phpbb.com/community/viewto ... #p14662636

the problem has been resolved and fixed on next coming soon 1.6.3.