makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/12352] Check phpBB2 passwords that have been encrypted with phpass

Browse source 
PHPBB3-12352
This commit is contained in:
Marc Alexander 2014-05-28 20:02:06 +02:00
parent b35ed3bc69
commit d9e49fae23
2 changed files with 14 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
phpBB/config/passwords.yml
View file

@ -58,6 +58,7 @@ services:
class: phpbb\passwords\driver\phpbb2_md5 class: phpbb\passwords\driver\phpbb2_md5
arguments: arguments:
- @request - @request
- @passwords.driver.salted_md5
- %core.root_path% - %core.root_path%
- %core.php_ext% - %core.php_ext%
tags: tags:

19
phpBB/phpbb/passwords/driver/phpbb2_md5.php
View file

@ -19,6 +19,9 @@ class phpbb2_md5 extends base
/** @var \phpbb\request\request phpBB request object */ /** @var \phpbb\request\request phpBB request object */
protected $request; protected $request;
/** @var \phpbb\passwords\driver\salted_md5 */
protected $salted_md5;
/** @var phpBB root path */ /** @var phpBB root path */
protected $phpbb_root_path; protected $phpbb_root_path;
@ -28,13 +31,15 @@ class phpbb2_md5 extends base
/** /**
* Constructor of passwords driver object * Constructor of passwords driver object
* *
* @param \phpbb\request\request $request phpBB request object * @param \phpbb\request\request $request phpBB request object
* @param string $phpbb_root_path phpBB root path * @param \phpbb\passwords\driver\salted_md5 $salted_md5 Salted md5 driver
* @param string $php_ext PHP file extension * @param string $phpbb_root_path phpBB root path
* @param string $php_ext PHP file extension
*/ */
public function __construct($request, $phpbb_root_path, $php_ext) public function __construct($request, \phpbb\passwords\driver\salted_md5 $salted_md5, $phpbb_root_path, $php_ext)
{ {
$this->request = $request; $this->request = $request;
$this->salted_md5 = $salted_md5;
$this->phpbb_root_path = $phpbb_root_path; $this->phpbb_root_path = $phpbb_root_path;
$this->php_ext = $php_ext; $this->php_ext = $php_ext;
} }
@ -69,7 +74,7 @@ class phpbb2_md5 extends base
*/ */
public function check($password, $hash, $user_row = array()) public function check($password, $hash, $user_row = array())
{ {
if (strlen($hash) != 32) if (strlen($hash) != 32 && strlen($hash) != 34)
{ {
return false; return false;
} }
@ -99,7 +104,9 @@ class phpbb2_md5 extends base
include($this->phpbb_root_path . 'includes/utf/data/recode_basic.' . $this->php_ext); include($this->phpbb_root_path . 'includes/utf/data/recode_basic.' . $this->php_ext);
} }
if (md5($password_old_format) === $hash || md5(\utf8_to_cp1252($password_old_format)) === $hash) if (md5($password_old_format) === $hash || md5(\utf8_to_cp1252($password_old_format)) === $hash
|| $this->salted_md5->check(md5($password_old_format), $hash) === true
|| $this->salted_md5->check(md5(\utf8_to_cp1252($password_old_format)), $hash) === true)
{ {
return true; return true;
} }