Fixed Core12 authentication gets auto-upgraded constantly


Well-known member
Affected version
We have noticed XF\Authentication\Core12::isUpgradable always returns true in our installation. Apparently, running XF\Authentication\Core12::generate will return "$2y" if password_hash is available. If I disable that branch and force it to use XF\Authentication\PasswordHash::HashPassword, the hash comes back with "$2a" prefix. Is this a bug?
Yeah, that looks like a bug to me.

We've changed the code here to match $2y$ as well as $2a$ so that should prevent any unnecessary upgrading.
Top Bottom