-rw-r--r--phpBB/phpbb/auth/provider/db.php2
-rw-r--r--phpBB/phpbb/passwords/manager.php4
-rw-r--r--tests/auth/fixtures/user.xml15
-rw-r--r--tests/auth/provider_apache_test.php4
-rw-r--r--tests/auth/provider_db_test.php7
5 files changed, 27 insertions, 5 deletions
diff --git a/phpBB/phpbb/auth/provider/db.php b/phpBB/phpbb/auth/provider/db.php
index de07a84cf5..aa597c8e9f 100644
--- a/phpBB/phpbb/auth/provider/db.php
+++ b/phpBB/phpbb/auth/provider/db.php
@@ -245,7 +245,7 @@ class db extends \phpbb\auth\provider\base
if (!$row['user_pass_convert'] && $this->passwords_manager->check($password, $row['user_password']))
{
// Check for old password hash...
- if (strlen($row['user_password']) == 32)
+ if ($this->passwords_manager->convert_flag || strlen($row['user_password']) == 32)
{
$hash = $this->passwords_manager->hash($password);
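Review bot: The comment `// Check for old password hash...` above the changed condition no longer describes it, and the new test depends on `convert_flag` holding the result of the `check()` call in the enclosing `if`. That flag is state written on the passwords manager as a side effect. I would replace the comment with `// Rehash if check() flagged the stored hash for conversion, or if it is a legacy 32-character MD5 hash`, so the ordering dependency is visible to the next reader. The rehash only runs after the password has verified, so a wrong flag value would cause an unnecessary rehash rather than weaken the check. The enclosing login method starts and ends outside this hunk.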
diff --git a/phpBB/phpbb/passwords/manager.php b/phpBB/phpbb/passwords/manager.php
index dde81a9818..0c9eb4f067 100644
--- a/phpBB/phpbb/passwords/manager.php
+++ b/phpBB/phpbb/passwords/manager.php
@@ -243,7 +243,9 @@ class manager
// Multiple hash passes needed
if (is_array($stored_hash_type))
{
- return $this->helper->check_combined_hash($password, $stored_hash_type, $hash);
+ $correct = $this->helper->check_combined_hash($password, $stored_hash_type, $hash);
+ $this->convert_flag = ($correct === true) ? true : false;
+ return $correct;
}
if ($stored_hash_type->get_name() !== $this->type)
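Review bot: Only the combined-hash branch is shown assigning `convert_flag`, so this hunk does not show whether every other return path of `check()` assigns it too. Any path that leaves it untouched would let a value from an earlier call reach the new condition in `phpBB/phpbb/auth/provider/db.php`. Setting `$this->convert_flag = false;` at the top of `check()` would make the flag describe the current call only. The ternary is also redundant, since `$this->convert_flag = ($correct === true);` says the same thing. `check()` starts and continues outside this hunk.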
diff --git a/tests/auth/fixtures/user.xml b/tests/auth/fixtures/user.xml
index 34584babbf..6d475930a4 100644
--- a/tests/auth/fixtures/user.xml
+++ b/tests/auth/fixtures/user.xml
@@ -18,6 +18,21 @@
<value>1</value>
<value>foobar</value>
<value>foobar</value>
+ <value>$2y$10$4RmpyVu2y8Yf/lP3.yQBquKvE54TCUuEDEBJYY6FDDFN3LcbCGz9i</value>
+ <value>0</value>
+ <value>0</value>
+ <value>example@example.com</value>
+ <value>0</value>
+ <value>0</value>
+ <value></value>
+ <value></value>
+ <value></value>
+ <value></value>
+ </row>
+ <row>
+ <value>2</value>
+ <value>foobar2</value>
+ <value>foobar2</value>
<value>$H$9E45lK6J8nLTSm9oJE5aNCSTFK9wqa/</value>
<value>0</value>
<value>0</value>
diff --git a/tests/auth/provider_apache_test.php b/tests/auth/provider_apache_test.php
index 8f65e8ad39..4c09af33e5 100644
--- a/tests/auth/provider_apache_test.php
+++ b/tests/auth/provider_apache_test.php
@@ -94,7 +94,7 @@ class phpbb_auth_provider_apache_test extends phpbb_database_test_case
'user_row' => array(
'user_id' => '1',
'username' => 'foobar',
- 'user_password' => '$H$9E45lK6J8nLTSm9oJE5aNCSTFK9wqa/',
+ 'user_password' => '$2y$10$4RmpyVu2y8Yf/lP3.yQBquKvE54TCUuEDEBJYY6FDDFN3LcbCGz9i',
'user_passchg' => '0',
'user_email' => 'example@example.com',
'user_type' => '0',
@@ -130,7 +130,7 @@ class phpbb_auth_provider_apache_test extends phpbb_database_test_case
'user_regdate' => '0',
'username' => 'foobar',
'username_clean' => 'foobar',
- 'user_password' => '$H$9E45lK6J8nLTSm9oJE5aNCSTFK9wqa/',
+ 'user_password' => '$2y$10$4RmpyVu2y8Yf/lP3.yQBquKvE54TCUuEDEBJYY6FDDFN3LcbCGz9i',
'user_passchg' => '0',
'user_pass_convert' => '0',
'user_email' => 'example@example.com',
diff --git a/tests/auth/provider_db_test.php b/tests/auth/provider_db_test.php
index b979ab34c5..a6fe636edd 100644
--- a/tests/auth/provider_db_test.php
+++ b/tests/auth/provider_db_test.php
@@ -53,7 +53,7 @@ class phpbb_auth_provider_db_test extends phpbb_database_test_case
'user_row' => array(
'user_id' => '1',
'username' => 'foobar',
- 'user_password' => '$H$9E45lK6J8nLTSm9oJE5aNCSTFK9wqa/',
+ 'user_password' => '$2y$10$4RmpyVu2y8Yf/lP3.yQBquKvE54TCUuEDEBJYY6FDDFN3LcbCGz9i',
'user_passchg' => '0',
'user_pass_convert' => '0',
'user_email' => 'example@example.com',
@@ -63,5 +63,10 @@ class phpbb_auth_provider_db_test extends phpbb_database_test_case
);
$this->assertEquals($expected, $provider->login('foobar', 'example'));
+
+ // Check if convert works
+ $login_return = $provider->login('foobar2', 'example');
+ $password_start = (version_compare(PHP_VERSION, '5.3.7', '<')) ? '$2a$10$' : '$2y$10$';
+ $this->assertStringStartsWith($password_start, $login_return['user_row']['user_password']);
}
}
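Review bot: The added assertion checks only the prefix of the returned `user_password`, so it does not show that the converted hash was stored or that it still verifies the password. I would follow it with a second login and assert on the outcome, for example `$second_login = $provider->login('foobar2', 'example');` and `$this->assertEquals(LOGIN_SUCCESS, $second_login['status']);`, assuming the result array carries the usual `status` key (the `$expected` array is built outside this hunk). A short comment saying that `foobar2` is the fixture row still holding the `$H$` hash would also explain why this user is expected to be converted. The test method begins outside this hunk.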