aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMarc Alexander <admin@m-a-styles.de>2014-05-29 12:13:02 +0200
committerMarc Alexander <admin@m-a-styles.de>2014-06-01 21:31:05 +0200
commit252a061864b631ac2536f589d9c7da3810d82357 (patch)
treeeafd3d1589e01ae1997dc90c9ed20fb6e869fdb9
parentaf25aef04ca3ee39cd1597b356638e883ccf72fa (diff)
downloadforums-252a061864b631ac2536f589d9c7da3810d82357.tar
forums-252a061864b631ac2536f589d9c7da3810d82357.tar.gz
forums-252a061864b631ac2536f589d9c7da3810d82357.tar.bz2
forums-252a061864b631ac2536f589d9c7da3810d82357.tar.xz
forums-252a061864b631ac2536f589d9c7da3810d82357.zip
[ticket/12352] Use correct hashing method in md5_mybb driver
PHPBB3-12352
Diffstat
-rw-r--r--phpBB/phpbb/passwords/driver/md5_mybb.php10
-rw-r--r--tests/passwords/drivers_test.php2
2 files changed, 10 insertions, 2 deletions
diff --git a/phpBB/phpbb/passwords/driver/md5_mybb.php b/phpBB/phpbb/passwords/driver/md5_mybb.php
index 9406546798..ca416c4401 100644
--- a/phpBB/phpbb/passwords/driver/md5_mybb.php
+++ b/phpBB/phpbb/passwords/driver/md5_mybb.php
@@ -46,7 +46,15 @@ class md5_mybb extends base
*/
public function check($password, $hash, $user_row = array())
{
- return (!empty($hash) && isset($user_row['user_passwd_salt'])) ? $hash === md5($user_row['user_passwd_salt'] . md5($password)) : false;
+ if (empty(hash) || !isset($user_row['user_passwd_salt']))
+ {
+ return false;
+ }
+ else
+ {
+ // Works for myBB 1.1.x, 1.2.x, 1.4.x, 1.6.x
+ return $hash === md5(md5($user_row['user_passwd_salt']) . md5($password));
+ }
}
/**
diff --git a/tests/passwords/drivers_test.php b/tests/passwords/drivers_test.php
index 1f900340c7..146f979a27 100644
--- a/tests/passwords/drivers_test.php
+++ b/tests/passwords/drivers_test.php
@@ -178,7 +178,7 @@ class phpbb_passwords_helper_test extends \phpbb_test_case
return array(
array(false, 'foobar', '083d11daea8675b1b4b502c7e55f8dbd'),
array(false, 'foobar', '083d11daea8675b1b4b502c7e55f8dbd', array('user_passwd_salt' => 'ae2fc75e')),
- array(true, 'foobar', '6022de2cc0ecf59ff14b57c6205ee170', array('user_passwd_salt' => 'ae2fc75e')),
+ array(true, 'foobar', 'b86ee7e24008bfd2890dcfab1ed31333', array('user_passwd_salt' => 'yeOtfFO6')),
);
}
generated by cgit v1.2.1 (git 2.21.0) at 2025-08-04 00:13:01 +0000