aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/phpbb/passwords
diff options
context:
space:
mode:
authorMarc Alexander <admin@m-a-styles.de>2014-06-02 10:14:26 +0200
committerMarc Alexander <admin@m-a-styles.de>2014-06-02 10:14:26 +0200
commitac311e1b39f891ba3c137f6203981c491639bec3 (patch)
tree43e76978dcbc89aec7ad6a65d2f08cadc62772e6 /phpBB/phpbb/passwords
parent94b2b64ca199f3db66818c3830c96ea9ff7eeff9 (diff)
downloadforums-ac311e1b39f891ba3c137f6203981c491639bec3.tar
forums-ac311e1b39f891ba3c137f6203981c491639bec3.tar.gz
forums-ac311e1b39f891ba3c137f6203981c491639bec3.tar.bz2
forums-ac311e1b39f891ba3c137f6203981c491639bec3.tar.xz
forums-ac311e1b39f891ba3c137f6203981c491639bec3.zip
[ticket/12352] Do not check hashes that don't have the necessary length
This should significantly reduce the time spent on checking hashes of passwords that should be converted. PHPBB3-12352
Diffstat (limited to 'phpBB/phpbb/passwords')
-rw-r--r--phpBB/phpbb/passwords/driver/bcrypt_wcf2.php2
-rw-r--r--phpBB/phpbb/passwords/driver/md5_mybb.php2
-rw-r--r--phpBB/phpbb/passwords/driver/md5_vb.php2
-rw-r--r--phpBB/phpbb/passwords/driver/sha1.php2
-rw-r--r--phpBB/phpbb/passwords/driver/sha1_smf.php2
-rw-r--r--phpBB/phpbb/passwords/driver/sha1_wcf1.php2
-rw-r--r--phpBB/phpbb/passwords/driver/sha_xf1.php2
7 files changed, 7 insertions, 7 deletions
diff --git a/phpBB/phpbb/passwords/driver/bcrypt_wcf2.php b/phpBB/phpbb/passwords/driver/bcrypt_wcf2.php
index fe6e36406e..f706c7af69 100644
--- a/phpBB/phpbb/passwords/driver/bcrypt_wcf2.php
+++ b/phpBB/phpbb/passwords/driver/bcrypt_wcf2.php
@@ -65,7 +65,7 @@ class bcrypt_wcf2 extends base
*/
public function check($password, $hash, $user_row = array())
{
- if (empty($hash))
+ if (empty($hash) || strlen($hash) != 60)
{
return false;
}
diff --git a/phpBB/phpbb/passwords/driver/md5_mybb.php b/phpBB/phpbb/passwords/driver/md5_mybb.php
index dceffe8e68..0745bceb5e 100644
--- a/phpBB/phpbb/passwords/driver/md5_mybb.php
+++ b/phpBB/phpbb/passwords/driver/md5_mybb.php
@@ -47,7 +47,7 @@ class md5_mybb extends base
*/
public function check($password, $hash, $user_row = array())
{
- if (empty($hash) || !isset($user_row['user_passwd_salt']))
+ if (empty($hash) || strlen($hash) != 32 || !isset($user_row['user_passwd_salt']))
{
return false;
}
diff --git a/phpBB/phpbb/passwords/driver/md5_vb.php b/phpBB/phpbb/passwords/driver/md5_vb.php
index e15680222d..440b9e39e9 100644
--- a/phpBB/phpbb/passwords/driver/md5_vb.php
+++ b/phpBB/phpbb/passwords/driver/md5_vb.php
@@ -47,7 +47,7 @@ class md5_vb extends base
*/
public function check($password, $hash, $user_row = array())
{
- if (empty($hash) || !isset($user_row['user_passwd_salt']))
+ if (empty($hash) || strlen($hash) != 32 || !isset($user_row['user_passwd_salt']))
{
return false;
}
diff --git a/phpBB/phpbb/passwords/driver/sha1.php b/phpBB/phpbb/passwords/driver/sha1.php
index 35df1ebe96..5d6c93f6a8 100644
--- a/phpBB/phpbb/passwords/driver/sha1.php
+++ b/phpBB/phpbb/passwords/driver/sha1.php
@@ -47,6 +47,6 @@ class sha1 extends base
*/
public function check($password, $hash, $user_row = array())
{
- return $hash === sha1($password);
+ return (strlen($hash) == 40) ? $hash === sha1($password) : false;
}
}
diff --git a/phpBB/phpbb/passwords/driver/sha1_smf.php b/phpBB/phpbb/passwords/driver/sha1_smf.php
index 6cc0841f4d..3e3322d77f 100644
--- a/phpBB/phpbb/passwords/driver/sha1_smf.php
+++ b/phpBB/phpbb/passwords/driver/sha1_smf.php
@@ -46,6 +46,6 @@ class sha1_smf extends base
*/
public function check($password, $hash, $user_row = array())
{
- return $hash === $this->hash($password, $user_row);
+ return (strlen($hash) == 40) ? $hash === $this->hash($password, $user_row) : false;
}
}
diff --git a/phpBB/phpbb/passwords/driver/sha1_wcf1.php b/phpBB/phpbb/passwords/driver/sha1_wcf1.php
index 77168e70eb..04a69705e9 100644
--- a/phpBB/phpbb/passwords/driver/sha1_wcf1.php
+++ b/phpBB/phpbb/passwords/driver/sha1_wcf1.php
@@ -47,7 +47,7 @@ class sha1_wcf1 extends base
*/
public function check($password, $hash, $user_row = array())
{
- if (empty($hash) || !isset($user_row['user_passwd_salt']))
+ if (empty($hash) || strlen($hash) != 40 || !isset($user_row['user_passwd_salt']))
{
return false;
}
diff --git a/phpBB/phpbb/passwords/driver/sha_xf1.php b/phpBB/phpbb/passwords/driver/sha_xf1.php
index 08b8cecaf3..7ae0b90f51 100644
--- a/phpBB/phpbb/passwords/driver/sha_xf1.php
+++ b/phpBB/phpbb/passwords/driver/sha_xf1.php
@@ -47,7 +47,7 @@ class sha_xf1 extends base
*/
public function check($password, $hash, $user_row = array())
{
- if (empty($hash) || !isset($user_row['user_passwd_salt']))
+ if (empty($hash) || (strlen($hash) != 40 && strlen($hash) != 64) || !isset($user_row['user_passwd_salt']))
{
return false;
}