diff options
| author | Nils Adermann <naderman@naderman.de> | 2014-06-11 14:28:06 +0200 |
|---|---|---|
| committer | Nils Adermann <naderman@naderman.de> | 2014-06-11 14:28:06 +0200 |
| commit | 86b5a815abb851a9c2fc9dc93a52de3fc641c699 (patch) | |
| tree | 4f3a59ec63c976f75eb3212e34832ba16fd864b7 /phpBB/phpbb/passwords/driver/md5_phpbb2.php | |
| parent | ee39a456647c2c7de4232b093024198f045b6ed2 (diff) | |
| parent | 694f8391c9d3a948159ea2564e6bf4c606eb4053 (diff) | |
| download | forums-86b5a815abb851a9c2fc9dc93a52de3fc641c699.tar forums-86b5a815abb851a9c2fc9dc93a52de3fc641c699.tar.gz forums-86b5a815abb851a9c2fc9dc93a52de3fc641c699.tar.bz2 forums-86b5a815abb851a9c2fc9dc93a52de3fc641c699.tar.xz forums-86b5a815abb851a9c2fc9dc93a52de3fc641c699.zip | |
Merge branch 'develop-ascraeus' into develop
* develop-ascraeus: (33 commits)
[ticket/12352] Do not check hashes that don't have the necessary length
[ticket/12352] Update file headers to fit new format
[ticket/12352] Use custom provider collection for auth providers
[ticket/12352] Add checks for existing user_pass_convert to migrations
[ticket/12352] Remove usages of user_pass_convert column
[ticket/12352] Update schema json file
[ticket/12352] Remove user_pass_convert column from database
[ticket/12352] Check each newly added passwords driver in manager_test
[ticket/12352] Add get_settings_only method to passwords driver base
[ticket/12352] Add passwords driver for xenforo 1.0, 1.1 passwords
[ticket/12352] Add tests for wcf1 and wcf2 drivers
[ticket/12352] Add driver for woltlab community framework 1 passwords
[ticket/12352] Add driver for woltlab community framework 2 passwords
[ticket/12352] Add missing $ to md5_mybb and md5_vb driver
[ticket/12352] Fix spacing in passwords tests
[ticket/12352] Add passwords driver for vB passwords
[ticket/12352] Use correct hashing method in md5_mybb driver
[ticket/12352] Add driver for myBB md5 passwords
[ticket/12352] Rename phpbb2_md5 driver to fit filenames of other drivers
[ticket/12352] Add passwords driver for sha1 password hashes
...
Diffstat (limited to 'phpBB/phpbb/passwords/driver/md5_phpbb2.php')
| -rw-r--r-- | phpBB/phpbb/passwords/driver/md5_phpbb2.php | 118 |
1 files changed, 118 insertions, 0 deletions
diff --git a/phpBB/phpbb/passwords/driver/md5_phpbb2.php b/phpBB/phpbb/passwords/driver/md5_phpbb2.php new file mode 100644 index 0000000000..de1993e8a1 --- /dev/null +++ b/phpBB/phpbb/passwords/driver/md5_phpbb2.php @@ -0,0 +1,118 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\passwords\driver; + +class md5_phpbb2 extends base +{ + const PREFIX = '$md5_phpbb2$'; + + /** @var \phpbb\request\request phpBB request object */ + protected $request; + + /** @var \phpbb\passwords\driver\salted_md5 */ + protected $salted_md5; + + /** @var phpBB root path */ + protected $phpbb_root_path; + + /** @var php file extension */ + protected $php_ext; + + /** + * Constructor of passwords driver object + * + * @param \phpbb\request\request $request phpBB request object + * @param \phpbb\passwords\driver\salted_md5 $salted_md5 Salted md5 driver + * @param string $phpbb_root_path phpBB root path + * @param string $php_ext PHP file extension + */ + public function __construct($request, \phpbb\passwords\driver\salted_md5 $salted_md5, $phpbb_root_path, $php_ext) + { + $this->request = $request; + $this->salted_md5 = $salted_md5; + $this->phpbb_root_path = $phpbb_root_path; + $this->php_ext = $php_ext; + } + + /** + * @inheritdoc + */ + public function get_prefix() + { + return self::PREFIX; + } + + /** + * @inheritdoc + */ + public function is_legacy() + { + return true; + } + + /** + * @inheritdoc + */ + public function hash($password, $user_row = '') + { + // Do not support hashing + return false; + } + + /** + * @inheritdoc + */ + public function check($password, $hash, $user_row = array()) + { + if (strlen($hash) != 32 && strlen($hash) != 34) + { + return false; + } + + // enable super globals to get literal value + // this is needed to prevent unicode normalization + $super_globals_disabled = $this->request->super_globals_disabled(); + if ($super_globals_disabled) + { + $this->request->enable_super_globals(); + } + + // in phpBB2 passwords were used exactly as they were sent, with addslashes applied + $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : ''; + $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format; + $password_new_format = $this->request->variable('password', '', true); + + if ($super_globals_disabled) + { + $this->request->disable_super_globals(); + } + + if ($password == $password_new_format) + { + if (!function_exists('utf8_to_cp1252')) + { + include($this->phpbb_root_path . 'includes/utf/data/recode_basic.' . $this->php_ext); + } + + if (md5($password_old_format) === $hash || md5(\utf8_to_cp1252($password_old_format)) === $hash + || $this->salted_md5->check(md5($password_old_format), $hash) === true + || $this->salted_md5->check(md5(\utf8_to_cp1252($password_old_format)), $hash) === true) + { + return true; + } + } + + return false; + } +} |