From 5a243af879b42f1323d716f75c981bcfb42b2afe Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Tue, 27 May 2014 18:12:33 +0200
Subject: [PATCH] [ticket/12352] Add driver for phpBB2 hashes with md5 length
 of 32

PHPBB3-12352
---
 phpBB/config/passwords.yml                  |   9 ++
 phpBB/phpbb/passwords/driver/phpbb2_md5.php | 118 ++++++++++++++++++++
 2 files changed, 127 insertions(+)
 create mode 100644 phpBB/phpbb/passwords/driver/phpbb2_md5.php

diff --git a/phpBB/config/passwords.yml b/phpBB/config/passwords.yml
index 4f4a4621ee..8e4c27d324 100644
--- a/phpBB/config/passwords.yml
+++ b/phpBB/config/passwords.yml
@@ -54,6 +54,15 @@ services:
         tags:
             - { name: passwords.driver }
 
+    passwords.driver.phpbb2_md5:
+        class: phpbb\passwords\driver\phpbb2_md5
+        arguments:
+            - @request
+            - %core.root_path%
+            - %core.php_ext%
+        tags:
+            - { name: passwords.driver }
+
     passwords.driver_collection:
         class: phpbb\di\service_collection
         arguments:
diff --git a/phpBB/phpbb/passwords/driver/phpbb2_md5.php b/phpBB/phpbb/passwords/driver/phpbb2_md5.php
new file mode 100644
index 0000000000..7796ff6873
--- /dev/null
+++ b/phpBB/phpbb/passwords/driver/phpbb2_md5.php
@@ -0,0 +1,118 @@
+<?php
+/**
+*
+* @package phpBB3
+* @copyright (c) 2014 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+namespace phpbb\passwords\driver;
+
+/**
+* @package passwords
+*/
+class phpbb2_md5 extends base
+{
+	const PREFIX = '$phpbb2_md5$';
+
+	/** @var \phpbb\request\request phpBB request object */
+	protected $request;
+
+	/** @var phpBB root path */
+	protected $phpbb_root_path;
+
+	/** @var php file extension */
+	protected $php_ext;
+
+	/**
+	* Constructor of passwords driver object
+	*
+	* @param \phpbb\request\request		$request phpBB request object
+	* @param string				$phpbb_root_path phpBB root path
+	* @param string				$php_ext PHP file extension
+	*/
+	public function __construct($request, $phpbb_root_path, $php_ext)
+	{
+		$this->request = $request;
+		$this->phpbb_root_path = $phpbb_root_path;
+		$this->php_ext = $php_ext;
+	}
+
+	/**
+	* @inheritdoc
+	*/
+	public function get_prefix()
+	{
+		return self::PREFIX;
+	}
+
+	/**
+	* @inheritdoc
+	*/
+	public function is_legacy()
+	{
+		return true;
+	}
+
+	/**
+	* @inheritdoc
+	*/
+	public function hash($password, $user_row = '')
+	{
+		// Do not support hashing
+		return false;
+	}
+
+	/**
+	* @inheritdoc
+	*/
+	public function check($password, $hash, $user_row = array())
+	{
+		if (strlen($hash) != 32)
+		{
+			return false;
+		}
+
+		// enable super globals to get literal value
+		// this is needed to prevent unicode normalization
+		$super_globals_disabled = $this->request->super_globals_disabled();
+		if ($super_globals_disabled)
+		{
+			$this->request->enable_super_globals();
+		}
+
+		// in phpBB2 passwords were used exactly as they were sent, with addslashes applied
+		$password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
+		$password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format;
+		$password_new_format = $this->request->variable('password', '', true);
+
+		if ($super_globals_disabled)
+		{
+			$this->request->disable_super_globals();
+		}
+
+		if ($password == $password_new_format)
+		{
+			if (!function_exists('utf8_to_cp1252'))
+			{
+				include($this->phpbb_root_path . 'includes/utf/data/recode_basic.' . $this->php_ext);
+			}
+
+			if (md5($password_old_format) === $hash || md5(\utf8_to_cp1252($password_old_format)) === $hash)
+			{
+				return true;
+			}
+		}
+
+		return false;
+	}
+
+	/**
+	* @inheritdoc
+	*/
+	public function get_settings_only($hash, $full = false)
+	{
+		return false;
+	}
+}