[feature/passwords] Integrate convert_flag with db auth provider

PHPBB3-11610
2025-06-27 21:58:52 +00:00 · 2013-10-25 15:21:09 +02:00 · 2013-10-25 15:21:09 +02:00 · bb836b65e3
commit bb836b65e3
parent 87bd628241
5 changed files with 27 additions and 5 deletions
--- a/phpBB/phpbb/auth/provider/db.php
+++ b/phpBB/phpbb/auth/provider/db.php
@ -245,7 +245,7 @@ class db extends \phpbb\auth\provider\base
 		if (!$row['user_pass_convert'] && $this->passwords_manager->check($password, $row['user_password']))
 		{
 			// Check for old password hash...
-			if (strlen($row['user_password']) == 32)
+			if ($this->passwords_manager->convert_flag || strlen($row['user_password']) == 32)
 			{
 				$hash = $this->passwords_manager->hash($password);
--- a/phpBB/phpbb/passwords/manager.php
+++ b/phpBB/phpbb/passwords/manager.php
@ -243,7 +243,9 @@ class manager
 		// Multiple hash passes needed
 		if (is_array($stored_hash_type))
 		{
-			return $this->helper->check_combined_hash($password, $stored_hash_type, $hash);
+			$correct = $this->helper->check_combined_hash($password, $stored_hash_type, $hash);
 			$this->convert_flag = ($correct === true) ? true : false;
 			return $correct;
 		}
 		if ($stored_hash_type->get_name() !== $this->type)
--- a/tests/auth/fixtures/user.xml
+++ b/tests/auth/fixtures/user.xml
@ -18,6 +18,21 @@
 			<value>1</value>
 			<value>foobar</value>
 			<value>foobar</value>
 			<value>$2y$10$4RmpyVu2y8Yf/lP3.yQBquKvE54TCUuEDEBJYY6FDDFN3LcbCGz9i</value>
 			<value>0</value>
 			<value>0</value>
 			<value>example@example.com</value>
 			<value>0</value>
 			<value>0</value>
 			<value></value>
 			<value></value>
 			<value></value>
 			<value></value>
 		</row>
 		<row>
 			<value>2</value>
 			<value>foobar2</value>
 			<value>foobar2</value>
 			<value>$H$9E45lK6J8nLTSm9oJE5aNCSTFK9wqa/</value>
 			<value>0</value>
 			<value>0</value>
--- a/tests/auth/provider_apache_test.php
+++ b/tests/auth/provider_apache_test.php
@ -94,7 +94,7 @@ class phpbb_auth_provider_apache_test extends phpbb_database_test_case
 			'user_row'		=> array(
 				'user_id' 				=> '1',
 				'username' 				=> 'foobar',
-				'user_password'			=> '$H$9E45lK6J8nLTSm9oJE5aNCSTFK9wqa/',
+				'user_password'			=> '$2y$10$4RmpyVu2y8Yf/lP3.yQBquKvE54TCUuEDEBJYY6FDDFN3LcbCGz9i',
 				'user_passchg' 			=> '0',
 				'user_email' 			=> 'example@example.com',
 				'user_type' 			=> '0',
@ -130,7 +130,7 @@ class phpbb_auth_provider_apache_test extends phpbb_database_test_case
 			'user_regdate' => '0',
 			'username' => 'foobar',
 			'username_clean' => 'foobar',
-			'user_password' => '$H$9E45lK6J8nLTSm9oJE5aNCSTFK9wqa/',
+			'user_password' => '$2y$10$4RmpyVu2y8Yf/lP3.yQBquKvE54TCUuEDEBJYY6FDDFN3LcbCGz9i',
 			'user_passchg' => '0',
 			'user_pass_convert' => '0',
 			'user_email' => 'example@example.com',
--- a/tests/auth/provider_db_test.php
+++ b/tests/auth/provider_db_test.php
@ -53,7 +53,7 @@ class phpbb_auth_provider_db_test extends phpbb_database_test_case
 			'user_row'		=> array(
 				'user_id' 				=> '1',
 				'username' 				=> 'foobar',
-				'user_password'			=> '$H$9E45lK6J8nLTSm9oJE5aNCSTFK9wqa/',
+				'user_password'			=> '$2y$10$4RmpyVu2y8Yf/lP3.yQBquKvE54TCUuEDEBJYY6FDDFN3LcbCGz9i',
 				'user_passchg' 			=> '0',
 				'user_pass_convert' 	=> '0',
 				'user_email' 			=> 'example@example.com',
@ -63,5 +63,10 @@ class phpbb_auth_provider_db_test extends phpbb_database_test_case
 		);
 		$this->assertEquals($expected, $provider->login('foobar', 'example'));
 		// Check if convert works
 		$login_return = $provider->login('foobar2', 'example');
 		$password_start = (version_compare(PHP_VERSION, '5.3.7', '<')) ? '$2a$10$' : '$2y$10$';
 		$this->assertStringStartsWith($password_start, $login_return['user_row']['user_password']);
 	}
 }