From 2a96b9e285bfadee830fd57e770a210d72cd7610 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 11 May 2014 22:25:44 +0200 Subject: [PATCH] [ticket/12352] Use $CP$ prefix for converting passwords in manager PHPBB3-12352 --- phpBB/phpbb/passwords/manager.php | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/phpBB/phpbb/passwords/manager.php b/phpBB/phpbb/passwords/manager.php index 66ca335d45..7d46424e4d 100644 --- a/phpBB/phpbb/passwords/manager.php +++ b/phpBB/phpbb/passwords/manager.php @@ -246,18 +246,9 @@ class manager $stored_hash_type = $this->detect_algorithm($hash); if ($stored_hash_type == false) { - // Might be a legacy hash type. Check all legacy - // hash types and set convert flag to true if password - // is correct - foreach ($this->type_map as $algorithm) - { - if ($algorithm->is_legacy() && $algorithm->check($password, $hash, $user_row) === true) - { - $this->convert_flag = true; - return true; - } - } - return false; + // Still check MD5 hashes as that is what the installer + // will default to for the admin user + return $this->get_algorithm('$H$')->check($password, $hash); } // Multiple hash passes needed @@ -277,6 +268,21 @@ class manager $this->convert_flag = false; } + if ($stored_hash_type->get_prefix() === '$CP$') + { + // Check all legacy hash types for this hash. Remove + // $CP$ prefix from beginning for proper checking. + $hash = substr($hash, 4); + + foreach ($this->type_map as $algorithm) + { + if ($algorithm->is_legacy() && $algorithm->check($password, $hash, $user_row) === true) + { + return true; + } + } + } + return $stored_hash_type->check($password, $hash); }