diff options
| author | Nils Adermann <naderman@naderman.de> | 2014-06-11 14:27:57 +0200 |
|---|---|---|
| committer | Nils Adermann <naderman@naderman.de> | 2014-06-11 14:27:57 +0200 |
| commit | 694f8391c9d3a948159ea2564e6bf4c606eb4053 (patch) | |
| tree | a8aedc3999eb93513c7e6e8f1f83fbaa342feea5 /phpBB/phpbb/passwords/manager.php | |
| parent | e1f371d14a0db43d4784bc047ad3929ec844697e (diff) | |
| parent | ac311e1b39f891ba3c137f6203981c491639bec3 (diff) | |
| download | forums-694f8391c9d3a948159ea2564e6bf4c606eb4053.tar forums-694f8391c9d3a948159ea2564e6bf4c606eb4053.tar.gz forums-694f8391c9d3a948159ea2564e6bf4c606eb4053.tar.bz2 forums-694f8391c9d3a948159ea2564e6bf4c606eb4053.tar.xz forums-694f8391c9d3a948159ea2564e6bf4c606eb4053.zip | |
Merge remote-tracking branch 'github-marc1706/ticket/12352' into develop-ascraeus
* github-marc1706/ticket/12352: (33 commits)
[ticket/12352] Do not check hashes that don't have the necessary length
[ticket/12352] Update file headers to fit new format
[ticket/12352] Use custom provider collection for auth providers
[ticket/12352] Add checks for existing user_pass_convert to migrations
[ticket/12352] Remove usages of user_pass_convert column
[ticket/12352] Update schema json file
[ticket/12352] Remove user_pass_convert column from database
[ticket/12352] Check each newly added passwords driver in manager_test
[ticket/12352] Add get_settings_only method to passwords driver base
[ticket/12352] Add passwords driver for xenforo 1.0, 1.1 passwords
[ticket/12352] Add tests for wcf1 and wcf2 drivers
[ticket/12352] Add driver for woltlab community framework 1 passwords
[ticket/12352] Add driver for woltlab community framework 2 passwords
[ticket/12352] Add missing $ to md5_mybb and md5_vb driver
[ticket/12352] Fix spacing in passwords tests
[ticket/12352] Add passwords driver for vB passwords
[ticket/12352] Use correct hashing method in md5_mybb driver
[ticket/12352] Add driver for myBB md5 passwords
[ticket/12352] Rename phpbb2_md5 driver to fit filenames of other drivers
[ticket/12352] Add passwords driver for sha1 password hashes
...
Diffstat (limited to 'phpBB/phpbb/passwords/manager.php')
| -rw-r--r-- | phpBB/phpbb/passwords/manager.php | 30 |
1 files changed, 27 insertions, 3 deletions
diff --git a/phpBB/phpbb/passwords/manager.php b/phpBB/phpbb/passwords/manager.php index 8b16cf55dd..0a349c4a14 100644 --- a/phpBB/phpbb/passwords/manager.php +++ b/phpBB/phpbb/passwords/manager.php @@ -141,7 +141,7 @@ class manager */ if (!preg_match('#^\$([a-zA-Z0-9\\\]*?)\$#', $hash, $match)) { - return $this->get_algorithm('$H$'); + return false; } // Be on the lookout for multiple hashing algorithms @@ -224,9 +224,10 @@ class manager * * @param string $password Password that should be checked * @param string $hash Stored hash + * @param array $user_row User's row in users table * @return string|bool True if password is correct, false if not */ - public function check($password, $hash) + public function check($password, $hash, $user_row = array()) { if (strlen($password) > 4096) { @@ -235,11 +236,19 @@ class manager return false; } + // Empty hashes can't be checked + if (empty($hash)) + { + return false; + } + // First find out what kind of hash we're dealing with $stored_hash_type = $this->detect_algorithm($hash); if ($stored_hash_type == false) { - return false; + // Still check MD5 hashes as that is what the installer + // will default to for the admin user + return $this->get_algorithm('$H$')->check($password, $hash); } // Multiple hash passes needed @@ -259,6 +268,21 @@ class manager $this->convert_flag = false; } + // Check all legacy hash types if prefix is $CP$ + if ($stored_hash_type->get_prefix() === '$CP$') + { + // Remove $CP$ prefix for proper checking + $hash = substr($hash, 4); + + foreach ($this->type_map as $algorithm) + { + if ($algorithm->is_legacy() && $algorithm->check($password, $hash, $user_row) === true) + { + return true; + } + } + } + return $stored_hash_type->check($password, $hash); } |