diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2014-05-27 18:12:33 +0200 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2014-06-01 21:31:04 +0200 |
| commit | 5a243af879b42f1323d716f75c981bcfb42b2afe (patch) | |
| tree | b1f18b62a8015c83d55d2235e83ffd3bf2aea415 /phpBB/phpbb/passwords/driver | |
| parent | 60cb648ab0bd3cba627f9f1c020ace613e18f3d5 (diff) | |
| download | forums-5a243af879b42f1323d716f75c981bcfb42b2afe.tar forums-5a243af879b42f1323d716f75c981bcfb42b2afe.tar.gz forums-5a243af879b42f1323d716f75c981bcfb42b2afe.tar.bz2 forums-5a243af879b42f1323d716f75c981bcfb42b2afe.tar.xz forums-5a243af879b42f1323d716f75c981bcfb42b2afe.zip | |
[ticket/12352] Add driver for phpBB2 hashes with md5 length of 32
PHPBB3-12352
Diffstat (limited to 'phpBB/phpbb/passwords/driver')
| -rw-r--r-- | phpBB/phpbb/passwords/driver/phpbb2_md5.php | 118 |
1 files changed, 118 insertions, 0 deletions
diff --git a/phpBB/phpbb/passwords/driver/phpbb2_md5.php b/phpBB/phpbb/passwords/driver/phpbb2_md5.php new file mode 100644 index 0000000000..7796ff6873 --- /dev/null +++ b/phpBB/phpbb/passwords/driver/phpbb2_md5.php @@ -0,0 +1,118 @@ +<?php +/** +* +* @package phpBB3 +* @copyright (c) 2014 phpBB Group +* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 +* +*/ + +namespace phpbb\passwords\driver; + +/** +* @package passwords +*/ +class phpbb2_md5 extends base +{ + const PREFIX = '$phpbb2_md5$'; + + /** @var \phpbb\request\request phpBB request object */ + protected $request; + + /** @var phpBB root path */ + protected $phpbb_root_path; + + /** @var php file extension */ + protected $php_ext; + + /** + * Constructor of passwords driver object + * + * @param \phpbb\request\request $request phpBB request object + * @param string $phpbb_root_path phpBB root path + * @param string $php_ext PHP file extension + */ + public function __construct($request, $phpbb_root_path, $php_ext) + { + $this->request = $request; + $this->phpbb_root_path = $phpbb_root_path; + $this->php_ext = $php_ext; + } + + /** + * @inheritdoc + */ + public function get_prefix() + { + return self::PREFIX; + } + + /** + * @inheritdoc + */ + public function is_legacy() + { + return true; + } + + /** + * @inheritdoc + */ + public function hash($password, $user_row = '') + { + // Do not support hashing + return false; + } + + /** + * @inheritdoc + */ + public function check($password, $hash, $user_row = array()) + { + if (strlen($hash) != 32) + { + return false; + } + + // enable super globals to get literal value + // this is needed to prevent unicode normalization + $super_globals_disabled = $this->request->super_globals_disabled(); + if ($super_globals_disabled) + { + $this->request->enable_super_globals(); + } + + // in phpBB2 passwords were used exactly as they were sent, with addslashes applied + $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : ''; + $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format; + $password_new_format = $this->request->variable('password', '', true); + + if ($super_globals_disabled) + { + $this->request->disable_super_globals(); + } + + if ($password == $password_new_format) + { + if (!function_exists('utf8_to_cp1252')) + { + include($this->phpbb_root_path . 'includes/utf/data/recode_basic.' . $this->php_ext); + } + + if (md5($password_old_format) === $hash || md5(\utf8_to_cp1252($password_old_format)) === $hash) + { + return true; + } + } + + return false; + } + + /** + * @inheritdoc + */ + public function get_settings_only($hash, $full = false) + { + return false; + } +} |