diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2014-05-11 22:25:44 +0200 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2014-06-01 21:31:04 +0200 |
| commit | 2a96b9e285bfadee830fd57e770a210d72cd7610 (patch) | |
| tree | b14cafd4da5ba4f6270820e6d52bd8899908de7f /phpBB | |
| parent | 1e758ba7f01fb07c2f497d755837bdce9bd57f18 (diff) | |
| download | forums-2a96b9e285bfadee830fd57e770a210d72cd7610.tar forums-2a96b9e285bfadee830fd57e770a210d72cd7610.tar.gz forums-2a96b9e285bfadee830fd57e770a210d72cd7610.tar.bz2 forums-2a96b9e285bfadee830fd57e770a210d72cd7610.tar.xz forums-2a96b9e285bfadee830fd57e770a210d72cd7610.zip | |
[ticket/12352] Use $CP$ prefix for converting passwords in manager
PHPBB3-12352
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/phpbb/passwords/manager.php | 30 |
1 files changed, 18 insertions, 12 deletions
diff --git a/phpBB/phpbb/passwords/manager.php b/phpBB/phpbb/passwords/manager.php index 66ca335d45..7d46424e4d 100644 --- a/phpBB/phpbb/passwords/manager.php +++ b/phpBB/phpbb/passwords/manager.php @@ -246,18 +246,9 @@ class manager $stored_hash_type = $this->detect_algorithm($hash); if ($stored_hash_type == false) { - // Might be a legacy hash type. Check all legacy - // hash types and set convert flag to true if password - // is correct - foreach ($this->type_map as $algorithm) - { - if ($algorithm->is_legacy() && $algorithm->check($password, $hash, $user_row) === true) - { - $this->convert_flag = true; - return true; - } - } - return false; + // Still check MD5 hashes as that is what the installer + // will default to for the admin user + return $this->get_algorithm('$H$')->check($password, $hash); } // Multiple hash passes needed @@ -277,6 +268,21 @@ class manager $this->convert_flag = false; } + if ($stored_hash_type->get_prefix() === '$CP$') + { + // Check all legacy hash types for this hash. Remove + // $CP$ prefix from beginning for proper checking. + $hash = substr($hash, 4); + + foreach ($this->type_map as $algorithm) + { + if ($algorithm->is_legacy() && $algorithm->check($password, $hash, $user_row) === true) + { + return true; + } + } + } + return $stored_hash_type->check($password, $hash); } |