From 252a061864b631ac2536f589d9c7da3810d82357 Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Thu, 29 May 2014 12:13:02 +0200
Subject: [PATCH] [ticket/12352] Use correct hashing method in md5_mybb driver

PHPBB3-12352
---
 phpBB/phpbb/passwords/driver/md5_mybb.php | 10 +++++++++-
 tests/passwords/drivers_test.php          |  2 +-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/phpBB/phpbb/passwords/driver/md5_mybb.php b/phpBB/phpbb/passwords/driver/md5_mybb.php
index 9406546798..ca416c4401 100644
--- a/phpBB/phpbb/passwords/driver/md5_mybb.php
+++ b/phpBB/phpbb/passwords/driver/md5_mybb.php
@@ -46,7 +46,15 @@ class md5_mybb extends base
 	*/
 	public function check($password, $hash, $user_row = array())
 	{
-		return (!empty($hash) && isset($user_row['user_passwd_salt'])) ? $hash === md5($user_row['user_passwd_salt'] . md5($password)) : false;
+		if (empty(hash) || !isset($user_row['user_passwd_salt']))
+		{
+			return false;
+		}
+		else
+		{
+			// Works for myBB 1.1.x, 1.2.x, 1.4.x, 1.6.x
+			return $hash === md5(md5($user_row['user_passwd_salt']) . md5($password));
+		}
 	}
 
 	/**
diff --git a/tests/passwords/drivers_test.php b/tests/passwords/drivers_test.php
index 1f900340c7..146f979a27 100644
--- a/tests/passwords/drivers_test.php
+++ b/tests/passwords/drivers_test.php
@@ -178,7 +178,7 @@ class phpbb_passwords_helper_test extends \phpbb_test_case
 		return array(
 			array(false, 'foobar', '083d11daea8675b1b4b502c7e55f8dbd'),
 			array(false, 'foobar', '083d11daea8675b1b4b502c7e55f8dbd', array('user_passwd_salt' => 'ae2fc75e')),
-			array(true, 'foobar', '6022de2cc0ecf59ff14b57c6205ee170', array('user_passwd_salt' => 'ae2fc75e')),
+			array(true, 'foobar', 'b86ee7e24008bfd2890dcfab1ed31333', array('user_passwd_salt' => 'yeOtfFO6')),
 		);
 	}