blob: 7796ff68732de601eaab52cb4b29589134d114f9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
<?php
/**
*
* @package phpBB3
* @copyright (c) 2014 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
namespace phpbb\passwords\driver;
/**
* @package passwords
*/
class phpbb2_md5 extends base
{
const PREFIX = '$phpbb2_md5$';
/** @var \phpbb\request\request phpBB request object */
protected $request;
/** @var phpBB root path */
protected $phpbb_root_path;
/** @var php file extension */
protected $php_ext;
/**
* Constructor of passwords driver object
*
* @param \phpbb\request\request $request phpBB request object
* @param string $phpbb_root_path phpBB root path
* @param string $php_ext PHP file extension
*/
public function __construct($request, $phpbb_root_path, $php_ext)
{
$this->request = $request;
$this->phpbb_root_path = $phpbb_root_path;
$this->php_ext = $php_ext;
}
/**
* @inheritdoc
*/
public function get_prefix()
{
return self::PREFIX;
}
/**
* @inheritdoc
*/
public function is_legacy()
{
return true;
}
/**
* @inheritdoc
*/
public function hash($password, $user_row = '')
{
// Do not support hashing
return false;
}
/**
* @inheritdoc
*/
public function check($password, $hash, $user_row = array())
{
if (strlen($hash) != 32)
{
return false;
}
// enable super globals to get literal value
// this is needed to prevent unicode normalization
$super_globals_disabled = $this->request->super_globals_disabled();
if ($super_globals_disabled)
{
$this->request->enable_super_globals();
}
// in phpBB2 passwords were used exactly as they were sent, with addslashes applied
$password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
$password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format;
$password_new_format = $this->request->variable('password', '', true);
if ($super_globals_disabled)
{
$this->request->disable_super_globals();
}
if ($password == $password_new_format)
{
if (!function_exists('utf8_to_cp1252'))
{
include($this->phpbb_root_path . 'includes/utf/data/recode_basic.' . $this->php_ext);
}
if (md5($password_old_format) === $hash || md5(\utf8_to_cp1252($password_old_format)) === $hash)
{
return true;
}
}
return false;
}
/**
* @inheritdoc
*/
public function get_settings_only($hash, $full = false)
{
return false;
}
}
|
