diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2014-10-22 14:54:55 -0500 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2014-10-22 14:54:55 -0500 |
| commit | 0bc04a4df098da1fd8fe6e272ebf877ae15b7032 (patch) | |
| tree | 8a71d60ef5bee7092c97c2faaab33a8340d1348b /phpBB/phpbb/passwords/driver/sha_xf1.php | |
| parent | 2b47ef1266a04ae0bf692a1568687968e8e2b827 (diff) | |
| download | forums-0bc04a4df098da1fd8fe6e272ebf877ae15b7032.tar forums-0bc04a4df098da1fd8fe6e272ebf877ae15b7032.tar.gz forums-0bc04a4df098da1fd8fe6e272ebf877ae15b7032.tar.bz2 forums-0bc04a4df098da1fd8fe6e272ebf877ae15b7032.tar.xz forums-0bc04a4df098da1fd8fe6e272ebf877ae15b7032.zip | |
[ticket/13203] Use string_compare method in passwords drivers
PHPBB3-13203
Diffstat (limited to 'phpBB/phpbb/passwords/driver/sha_xf1.php')
| -rw-r--r-- | phpBB/phpbb/passwords/driver/sha_xf1.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/phpBB/phpbb/passwords/driver/sha_xf1.php b/phpBB/phpbb/passwords/driver/sha_xf1.php index 7a1ea1450a..9d8f01796e 100644 --- a/phpBB/phpbb/passwords/driver/sha_xf1.php +++ b/phpBB/phpbb/passwords/driver/sha_xf1.php @@ -54,8 +54,8 @@ class sha_xf1 extends base else { // Works for xenforo 1.0, 1.1 - if ($hash === sha1(sha1($password) . $user_row['user_passwd_salt']) - || $hash === hash('sha256', hash('sha256', $password) . $user_row['user_passwd_salt'])) + if ($this->helper->string_compare($hash, sha1(sha1($password) . $user_row['user_passwd_salt'])) + || $this->helper->string_compare($hash, hash('sha256', hash('sha256', $password) . $user_row['user_passwd_salt']))) { return true; } |