diff options
Diffstat (limited to 'phpBB/phpbb/passwords/manager.php')
| -rw-r--r-- | phpBB/phpbb/passwords/manager.php | 30 |
1 files changed, 18 insertions, 12 deletions
diff --git a/phpBB/phpbb/passwords/manager.php b/phpBB/phpbb/passwords/manager.php index 66ca335d45..7d46424e4d 100644 --- a/phpBB/phpbb/passwords/manager.php +++ b/phpBB/phpbb/passwords/manager.php @@ -246,18 +246,9 @@ class manager $stored_hash_type = $this->detect_algorithm($hash); if ($stored_hash_type == false) { - // Might be a legacy hash type. Check all legacy - // hash types and set convert flag to true if password - // is correct - foreach ($this->type_map as $algorithm) - { - if ($algorithm->is_legacy() && $algorithm->check($password, $hash, $user_row) === true) - { - $this->convert_flag = true; - return true; - } - } - return false; + // Still check MD5 hashes as that is what the installer + // will default to for the admin user + return $this->get_algorithm('$H$')->check($password, $hash); } // Multiple hash passes needed @@ -277,6 +268,21 @@ class manager $this->convert_flag = false; } + if ($stored_hash_type->get_prefix() === '$CP$') + { + // Check all legacy hash types for this hash. Remove + // $CP$ prefix from beginning for proper checking. + $hash = substr($hash, 4); + + foreach ($this->type_map as $algorithm) + { + if ($algorithm->is_legacy() && $algorithm->check($password, $hash, $user_row) === true) + { + return true; + } + } + } + return $stored_hash_type->check($password, $hash); } |