makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-25 19:38:53 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/12352] Use $CP$ prefix for converting passwords in manager

Browse source 
PHPBB3-12352
This commit is contained in:
Marc Alexander 2014-05-11 22:25:44 +02:00
parent 1e758ba7f0
commit 2a96b9e285
1 changed files with 18 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
phpBB/phpbb/passwords/manager.php
View file

@ -246,18 +246,9 @@ class manager
$stored_hash_type = $this->detect_algorithm($hash);
if ($stored_hash_type == false)
{
// Might be a legacy hash type. Check all legacy
// hash types and set convert flag to true if password
// is correct
foreach ($this->type_map as $algorithm)
{
if ($algorithm->is_legacy() && $algorithm->check($password, $hash, $user_row) === true)
{
$this->convert_flag = true;
return true;
}
}
return false;
// Still check MD5 hashes as that is what the installer
// will default to for the admin user
return $this->get_algorithm('$H$')->check($password, $hash);
}
// Multiple hash passes needed
@ -277,6 +268,21 @@ class manager
$this->convert_flag = false;
}
if ($stored_hash_type->get_prefix() === '$CP$')
{
// Check all legacy hash types for this hash. Remove
// $CP$ prefix from beginning for proper checking.
$hash = substr($hash, 4);
foreach ($this->type_map as $algorithm)
{
if ($algorithm->is_legacy() && $algorithm->check($password, $hash, $user_row) === true)
{
return true;
}
}
}
return $stored_hash_type->check($password, $hash);
}