Diffstat (limited to 'phpBB/phpbb/passwords')
-rw-r--r--phpBB/phpbb/passwords/driver/base.php35
-rw-r--r--phpBB/phpbb/passwords/driver/bcrypt.php25
-rw-r--r--phpBB/phpbb/passwords/driver/bcrypt_2y.php17
-rw-r--r--phpBB/phpbb/passwords/driver/bcrypt_wcf2.php84
-rw-r--r--phpBB/phpbb/passwords/driver/convert_password.php43
-rw-r--r--phpBB/phpbb/passwords/driver/driver_interface.php23
-rw-r--r--phpBB/phpbb/passwords/driver/helper.php49
-rw-r--r--phpBB/phpbb/passwords/driver/md5_mybb.php60
-rw-r--r--phpBB/phpbb/passwords/driver/md5_phpbb2.php123
-rw-r--r--phpBB/phpbb/passwords/driver/md5_vb.php60
-rw-r--r--phpBB/phpbb/passwords/driver/phpass.php15
-rw-r--r--phpBB/phpbb/passwords/driver/salted_md5.php35
-rw-r--r--phpBB/phpbb/passwords/driver/sha1.php52
-rw-r--r--phpBB/phpbb/passwords/driver/sha1_smf.php51
-rw-r--r--phpBB/phpbb/passwords/driver/sha1_wcf1.php60
-rw-r--r--phpBB/phpbb/passwords/driver/sha_xf1.php68
-rw-r--r--phpBB/phpbb/passwords/helper.php15
-rw-r--r--phpBB/phpbb/passwords/manager.php97
18 files changed, 822 insertions, 90 deletions
diff --git a/phpBB/phpbb/passwords/driver/base.php b/phpBB/phpbb/passwords/driver/base.php
index 8256fd721c..fd07a61bf4 100644
--- a/phpBB/phpbb/passwords/driver/base.php
+++ b/phpBB/phpbb/passwords/driver/base.php
@@ -1,23 +1,24 @@
<?php
/**
*
-* @package phpBB3
-* @copyright (c) 2013 phpBB Group
-* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
*
*/
namespace phpbb\passwords\driver;
-/**
-* @package passwords
-*/
abstract class base implements driver_interface
{
- /** @var phpbb\config\config */
+ /** @var \phpbb\config\config */
protected $config;
- /** @var phpbb\passwords\driver\helper */
+ /** @var \phpbb\passwords\driver\helper */
protected $helper;
/** @var driver name */
@@ -36,10 +37,26 @@ abstract class base implements driver_interface
}
/**
- * @inheritdoc
+ * {@inheritdoc}
*/
public function is_supported()
{
return true;
}
+
+ /**
+ * {@inheritdoc}
+ */
+ public function is_legacy()
+ {
+ return false;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function get_settings_only($hash, $full = false)
+ {
+ return false;
+ }
}
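Review bot: The new `is_legacy()` and `get_settings_only()` defaults carry only `{@inheritdoc}`, which leaves a driver author guessing what "legacy" means to the manager. From the manager.php check hunk, the manager strips a `$CP$` prefix and tries every driver reporting `is_legacy() === true`, so a comment on the `is_legacy()` default such as `// Legacy drivers are the ones the manager tries for $CP$ hashes imported from other software; native phpBB drivers keep false` would document that contract without touching the interface. The `get_settings_only()` default returning `false` deserves a similar one-liner saying that drivers with no embedded settings keep this default.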
diff --git a/phpBB/phpbb/passwords/driver/bcrypt.php b/phpBB/phpbb/passwords/driver/bcrypt.php
index 1d1b1e267d..eab1c3d569 100644
--- a/phpBB/phpbb/passwords/driver/bcrypt.php
+++ b/phpBB/phpbb/passwords/driver/bcrypt.php
@@ -1,23 +1,24 @@
<?php
/**
*
-* @package phpBB3
-* @copyright (c) 2013 phpBB Group
-* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
*
*/
namespace phpbb\passwords\driver;
-/**
-* @package passwords
-*/
class bcrypt extends base
{
const PREFIX = '$2a$';
/**
- * @inheritdoc
+ * {@inheritdoc}
*/
public function get_prefix()
{
@@ -25,7 +26,7 @@ class bcrypt extends base
}
/**
- * @inheritdoc
+ * {@inheritdoc}
*/
public function hash($password, $salt = '')
{
@@ -57,9 +58,9 @@ class bcrypt extends base
}
/**
- * @inheritdoc
+ * {@inheritdoc}
*/
- public function check($password, $hash)
+ public function check($password, $hash, $user_row = array())
{
$salt = substr($hash, 0, 29);
if (strlen($salt) != 29)
@@ -67,7 +68,7 @@ class bcrypt extends base
return false;
}
- if ($hash == $this->hash($password, $salt))
+ if ($this->helper->string_compare($hash, $this->hash($password, $salt)))
{
return true;
}
@@ -85,7 +86,7 @@ class bcrypt extends base
}
/**
- * @inheritdoc
+ * {@inheritdoc}
*/
public function get_settings_only($hash, $full = false)
{
diff --git a/phpBB/phpbb/passwords/driver/bcrypt_2y.php b/phpBB/phpbb/passwords/driver/bcrypt_2y.php
index 11c3617e49..c710e0d04a 100644
--- a/phpBB/phpbb/passwords/driver/bcrypt_2y.php
+++ b/phpBB/phpbb/passwords/driver/bcrypt_2y.php
@@ -1,23 +1,24 @@
<?php
/**
*
-* @package phpBB3
-* @copyright (c) 2013 phpBB Group
-* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
*
*/
namespace phpbb\passwords\driver;
-/**
-* @package passwords
-*/
class bcrypt_2y extends bcrypt
{
const PREFIX = '$2y$';
/**
- * @inheritdoc
+ * {@inheritdoc}
*/
public function get_prefix()
{
@@ -25,7 +26,7 @@ class bcrypt_2y extends bcrypt
}
/**
- * @inheritdoc
+ * {@inheritdoc}
*/
public function is_supported()
{
diff --git a/phpBB/phpbb/passwords/driver/bcrypt_wcf2.php b/phpBB/phpbb/passwords/driver/bcrypt_wcf2.php
new file mode 100644
index 0000000000..0eee98d7b7
--- /dev/null
+++ b/phpBB/phpbb/passwords/driver/bcrypt_wcf2.php
@@ -0,0 +1,84 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\passwords\driver;
+
+class bcrypt_wcf2 extends base
+{
+ const PREFIX = '$wcf2$';
+
+ /** @var \phpbb\passwords\driver\bcrypt */
+ protected $bcrypt;
+
+ /** @var \phpbb\passwords\driver\helper */
+ protected $helper;
+
+ /**
+ * Constructor of passwords driver object
+ *
+ * @param \phpbb\passwords\driver\bcrypt $bcrypt Salted md5 driver
+ * @param \phpbb\passwords\driver\helper $helper Password driver helper
+ */
+ public function __construct(\phpbb\passwords\driver\bcrypt $bcrypt, helper $helper)
+ {
+ $this->bcrypt = $bcrypt;
+ $this->helper = $helper;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function get_prefix()
+ {
+ return self::PREFIX;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function is_legacy()
+ {
+ return true;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function hash($password, $user_row = '')
+ {
+ // Do not support hashing
+ return false;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function check($password, $hash, $user_row = array())
+ {
+ if (empty($hash) || strlen($hash) != 60)
+ {
+ return false;
+ }
+ else
+ {
+ $salt = substr($hash, 0, 29);
+
+ if (strlen($salt) != 29)
+ {
+ return false;
+ }
+ // Works for standard WCF 2.x, i.e. WBB4 and similar
+ return $this->helper->string_compare($hash, $this->bcrypt->hash($this->bcrypt->hash($password, $salt), $salt));
+ }
+ }
+}
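Review bot: The constructor docblock describes the `$bcrypt` parameter as `Salted md5 driver`, a copy-paste leftover; it should read `@param \phpbb\passwords\driver\bcrypt $bcrypt bcrypt driver used for the WCF double hash`. The `protected $helper` property redeclared here already exists on `base` (see the base.php hunk), so it can be dropped along with its docblock. In `check()`, `strlen($hash) != 60` already rejects the empty string, so `empty($hash)` is redundant, and the `else` wrapping the rest of the body after the early `return false` adds a nesting level for nothing.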
diff --git a/phpBB/phpbb/passwords/driver/convert_password.php b/phpBB/phpbb/passwords/driver/convert_password.php
new file mode 100644
index 0000000000..eb70434df2
--- /dev/null
+++ b/phpBB/phpbb/passwords/driver/convert_password.php
@@ -0,0 +1,43 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\passwords\driver;
+
+class convert_password extends base
+{
+ const PREFIX = '$CP$';
+
+ /**
+ * {@inheritdoc}
+ */
+ public function get_prefix()
+ {
+ return self::PREFIX;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function hash($password, $user_row = '')
+ {
+ return false;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function check($password, $hash, $user_row = array())
+ {
+ return false;
+ }
+}
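Review bot: The class has no docblock explaining what a `$CP$` hash is, and nothing here says why both `hash()` and `check()` unconditionally return false while `is_legacy()` is left at the base default. From the manager.php check hunk, `$CP$` marks an imported password whose original algorithm is unknown: the manager strips the prefix and tries every driver whose `is_legacy()` is true, so this driver must itself never match and must stay out of that loop. I would add a class docblock stating that this is a pseudo-driver for "convert password" hashes, that the manager performs the actual checking by trying each legacy driver, and that `hash()`/`check()` returning false and `is_legacy()` staying false are therefore deliberate.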
diff --git a/phpBB/phpbb/passwords/driver/driver_interface.php b/phpBB/phpbb/passwords/driver/driver_interface.php
index ebaf0626af..3974484f13 100644
--- a/phpBB/phpbb/passwords/driver/driver_interface.php
+++ b/phpBB/phpbb/passwords/driver/driver_interface.php
@@ -1,17 +1,18 @@
<?php
/**
*
-* @package phpBB3
-* @copyright (c) 2013 phpBB Group
-* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
*
*/
namespace phpbb\passwords\driver;
-/**
-* @package passwords
-*/
interface driver_interface
{
/**
@@ -22,6 +23,13 @@ interface driver_interface
public function is_supported();
/**
+ * Check if hash type is a legacy hash type
+ *
+ * @return bool True if it's a legacy hash type, false if not
+ */
+ public function is_legacy();
+
+ /**
* Returns the hash prefix
*
* @return string Hash prefix
@@ -43,10 +51,11 @@ interface driver_interface
*
* @param string $password The password to check
* @param string $hash The password hash to check against
+ * @param array $user_row User's row in users table
*
* @return bool True if password is correct, else false
*/
- public function check($password, $hash);
+ public function check($password, $hash, $user_row = array());
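Review bot: The new `$user_row` parameter is documented only as `User's row in users table`, which does not tell an implementer which keys matter or that the row may be empty. The drivers added in this commit read `user_passwd_salt` (md5_mybb, md5_vb, sha1_wcf1, sha_xf1) and `login_name` (sha1_smf), and the default is `array()`, so I would extend the tag to `@param array $user_row User's row in users table; may be empty. Legacy drivers read keys such as user_passwd_salt or login_name from it and must return false when they are absent`.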
/**
* Get only the settings of the specified hash
diff --git a/phpBB/phpbb/passwords/driver/helper.php b/phpBB/phpbb/passwords/driver/helper.php
index 4b8dc9a123..f80c3e3df6 100644
--- a/phpBB/phpbb/passwords/driver/helper.php
+++ b/phpBB/phpbb/passwords/driver/helper.php
@@ -1,21 +1,22 @@
<?php
/**
*
-* @package phpBB3
-* @copyright (c) 2013 phpBB Group
-* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
*
*/
namespace phpbb\passwords\driver;
-/**
-* @package passwords
-*/
class helper
{
/**
- * @var phpbb\config\config
+ * @var \phpbb\config\config
*/
protected $config;
@@ -28,7 +29,7 @@ class helper
/**
* Construct a driver helper object
*
- * @param phpbb\config\config $config phpBB configuration
+ * @param \phpbb\config\config $config phpBB configuration
*/
public function __construct(\phpbb\config\config $config)
{
@@ -141,4 +142,36 @@ class helper
}
return $random;
}
+
+ /**
+ * Compare two strings byte by byte
+ *
+ * @param string $string_a The first string
+ * @param string $string_b The second string
+ *
+ * @return bool True if strings are the same, false if not
+ */
+ public function string_compare($string_a, $string_b)
+ {
+ // Return if input variables are not strings or if length does not match
+ if (!is_string($string_a) || !is_string($string_b) || strlen($string_a) != strlen($string_b))
+ {
+ return false;
+ }
+
+ // Use hash_equals() if it's available
+ if (function_exists('hash_equals'))
+ {
+ return hash_equals($string_a, $string_b);
+ }
+
+ $difference = 0;
+
+ for ($i = 0; $i < strlen($string_a) && $i < strlen($string_b); $i++)
+ {
+ $difference |= ord($string_a[$i]) ^ ord($string_b[$i]);
+ }
+
+ return $difference === 0;
+ }
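Review bot: The docblock says `Compare two strings byte by byte`, but the reason this helper exists — and why it replaces `==`/`===` on hashes throughout this commit — is that the comparison must not reveal, through timing, how many leading bytes of the candidate match; the doc should state that, e.g. `Compare two strings in constant time so that hash comparison does not leak a timing signal. The early return on length mismatch is acceptable because hash lengths are not secret.` In the fallback loop, `strlen()` is recomputed on every iteration and the `$i < strlen($string_b)` test is redundant once the lengths are known equal; hoist it with `$length = strlen($string_a);` and `for ($i = 0; $i < $length; $i++)`. The `!=` on the length comparison can be `!==` since both operands are ints.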
}
diff --git a/phpBB/phpbb/passwords/driver/md5_mybb.php b/phpBB/phpbb/passwords/driver/md5_mybb.php
new file mode 100644
index 0000000000..f631ceae78
--- /dev/null
+++ b/phpBB/phpbb/passwords/driver/md5_mybb.php
@@ -0,0 +1,60 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\passwords\driver;
+
+class md5_mybb extends base
+{
+ const PREFIX = '$md5_mybb$';
+
+ /**
+ * {@inheritdoc}
+ */
+ public function get_prefix()
+ {
+ return self::PREFIX;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function is_legacy()
+ {
+ return true;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function hash($password, $user_row = '')
+ {
+ // Do not support hashing
+ return false;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function check($password, $hash, $user_row = array())
+ {
+ if (empty($hash) || strlen($hash) != 32 || !isset($user_row['user_passwd_salt']))
+ {
+ return false;
+ }
+ else
+ {
+ // Works for myBB 1.1.x, 1.2.x, 1.4.x, 1.6.x
+ return $this->helper->string_compare($hash, md5(md5($user_row['user_passwd_salt']) . md5($password)));
+ }
+ }
+}
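Review bot: `empty($hash)` in the guard is redundant — `strlen($hash) != 32` already rejects the empty string and `'0'` — and the `else` wrapping the return after an early `return false` only adds a nesting level; the same shape appears in md5_vb, sha1_wcf1 and sha_xf1 in this commit. I would reduce the guard to `if (strlen($hash) !== 32 || !isset($user_row['user_passwd_salt'])) { return false; }` and follow it with the unindented `return $this->helper->string_compare(...)`. Since `$hash` comes from storage and is not type-checked before `strlen()`, an `is_string($hash)` term in the guard would make a non-string value fail cleanly rather than depend on PHP's version-specific handling of `strlen()` on non-strings.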
diff --git a/phpBB/phpbb/passwords/driver/md5_phpbb2.php b/phpBB/phpbb/passwords/driver/md5_phpbb2.php
new file mode 100644
index 0000000000..bd8cc51e5a
--- /dev/null
+++ b/phpBB/phpbb/passwords/driver/md5_phpbb2.php
@@ -0,0 +1,123 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\passwords\driver;
+
+class md5_phpbb2 extends base
+{
+ const PREFIX = '$md5_phpbb2$';
+
+ /** @var \phpbb\request\request phpBB request object */
+ protected $request;
+
+ /** @var \phpbb\passwords\driver\salted_md5 */
+ protected $salted_md5;
+
+ /** @var \phpbb\passwords\driver\helper */
+ protected $helper;
+
+ /** @var string phpBB root path */
+ protected $phpbb_root_path;
+
+ /** @var string php file extension */
+ protected $php_ext;
+
+ /**
+ * Constructor of passwords driver object
+ *
+ * @param \phpbb\request\request $request phpBB request object
+ * @param \phpbb\passwords\driver\salted_md5 $salted_md5 Salted md5 driver
+ * @param \phpbb\passwords\driver\helper $helper Driver helper
+ * @param string $phpbb_root_path phpBB root path
+ * @param string $php_ext PHP file extension
+ */
+ public function __construct($request, salted_md5 $salted_md5, helper $helper, $phpbb_root_path, $php_ext)
+ {
+ $this->request = $request;
+ $this->salted_md5 = $salted_md5;
+ $this->helper = $helper;
+ $this->phpbb_root_path = $phpbb_root_path;
+ $this->php_ext = $php_ext;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function get_prefix()
+ {
+ return self::PREFIX;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function is_legacy()
+ {
+ return true;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function hash($password, $user_row = '')
+ {
+ // Do not support hashing
+ return false;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function check($password, $hash, $user_row = array())
+ {
+ if (strlen($hash) != 32 && strlen($hash) != 34)
+ {
+ return false;
+ }
+
+ // enable super globals to get literal value
+ // this is needed to prevent unicode normalization
+ $super_globals_disabled = $this->request->super_globals_disabled();
+ if ($super_globals_disabled)
+ {
+ $this->request->enable_super_globals();
+ }
+
+ // in phpBB2 passwords were used exactly as they were sent, with addslashes applied
+ $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
+ $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format;
+ $password_new_format = $this->request->variable('password', '', true);
+
+ if ($super_globals_disabled)
+ {
+ $this->request->disable_super_globals();
+ }
+
+ if ($password == $password_new_format)
+ {
+ if (!function_exists('utf8_to_cp1252'))
+ {
+ include($this->phpbb_root_path . 'includes/utf/data/recode_basic.' . $this->php_ext);
+ }
+
+ if ($this->helper->string_compare(md5($password_old_format), $hash) || $this->helper->string_compare(md5(\utf8_to_cp1252($password_old_format)), $hash)
+ || $this->salted_md5->check(md5($password_old_format), $hash) === true
+ || $this->salted_md5->check(md5(\utf8_to_cp1252($password_old_format)), $hash) === true)
+ {
+ return true;
+ }
+ }
+
+ return false;
+ }
+}
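Review bot: The guard on line 641 compares the supplied password with the request value using `==`, a loose comparison under which two numeric-looking strings such as `'1e3'` and `'1000'` are equal; because everything after it hashes `$password_old_format` taken from `$_REQUEST` rather than `$password`, this guard is the only thing tying the checked value to the caller's argument and should be `if ($password === $password_new_format)`. The method also silently returns false whenever the password being verified did not arrive in the current request's `password` field, which nothing here states; I would add above the method a comment that this driver can only verify the password of the current login request, because phpBB2 hashes were computed over the raw, addslashes'd request value and the sanitised `$password` argument cannot reproduce that. The `(string)` cast on line 632 will turn an array submission into the literal `Array` (with a notice) rather than rejecting it; `is_string($_REQUEST['password'])` in that `isset()` test would be stricter.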
diff --git a/phpBB/phpbb/passwords/driver/md5_vb.php b/phpBB/phpbb/passwords/driver/md5_vb.php
new file mode 100644
index 0000000000..280b7114c7
--- /dev/null
+++ b/phpBB/phpbb/passwords/driver/md5_vb.php
@@ -0,0 +1,60 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\passwords\driver;
+
+class md5_vb extends base
+{
+ const PREFIX = '$md5_vb$';
+
+ /**
+ * {@inheritdoc}
+ */
+ public function get_prefix()
+ {
+ return self::PREFIX;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function is_legacy()
+ {
+ return true;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function hash($password, $user_row = '')
+ {
+ // Do not support hashing
+ return false;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function check($password, $hash, $user_row = array())
+ {
+ if (empty($hash) || strlen($hash) != 32 || !isset($user_row['user_passwd_salt']))
+ {
+ return false;
+ }
+ else
+ {
+ // Works for vB 3.8.x, 4.x.x, 5.0.x
+ return $this->helper->string_compare($hash, md5(md5($password) . $user_row['user_passwd_salt']));
+ }
+ }
+}
diff --git a/phpBB/phpbb/passwords/driver/phpass.php b/phpBB/phpbb/passwords/driver/phpass.php
index 80c4d7a7f0..bef8355276 100644
--- a/phpBB/phpbb/passwords/driver/phpass.php
+++ b/phpBB/phpbb/passwords/driver/phpass.php
@@ -1,23 +1,24 @@
<?php
/**
*
-* @package phpBB3
-* @copyright (c) 2013 phpBB Group
-* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
*
*/
namespace phpbb\passwords\driver;
-/**
-* @package passwords
-*/
class phpass extends salted_md5
{
const PREFIX = '$P$';
/**
- * @inheritdoc
+ * {@inheritdoc}
*/
public function get_prefix()
{
diff --git a/phpBB/phpbb/passwords/driver/salted_md5.php b/phpBB/phpbb/passwords/driver/salted_md5.php
index 5c72726422..38d6d9cd2c 100644
--- a/phpBB/phpbb/passwords/driver/salted_md5.php
+++ b/phpBB/phpbb/passwords/driver/salted_md5.php
@@ -1,9 +1,13 @@
<?php
/**
*
-* @package phpBB3
-* @copyright (c) 2013 phpBB Group
-* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
*
*/
@@ -37,15 +41,12 @@ namespace phpbb\passwords\driver;
*
*/
-/**
-* @package passwords
-*/
class salted_md5 extends base
{
const PREFIX = '$H$';
/**
- * @inheritdoc
+ * {@inheritdoc}
*/
public function get_prefix()
{
@@ -53,7 +54,15 @@ class salted_md5 extends base
}
/**
- * @inheritdoc
+ * {@inheritdoc}
+ */
+ public function is_legacy()
+ {
+ return true;
+ }
+
+ /**
+ * {@inheritdoc}
*/
public function hash($password, $setting = '')
{
@@ -66,7 +75,7 @@ class salted_md5 extends base
// happen if pre-determined settings are
// directly passed to the driver. The manager
// will not do this. Same as the old hashing
- // implementatio in phpBB 3.0
+ // implementation in phpBB 3.0
return md5($password);
}
}
@@ -89,16 +98,16 @@ class salted_md5 extends base
}
/**
- * @inheritdoc
+ * {@inheritdoc}
*/
- public function check($password, $hash)
+ public function check($password, $hash, $user_row = array())
{
if (strlen($hash) !== 34)
{
return md5($password) === $hash;
}
- return $hash === $this->hash($password, $hash);
+ return $this->helper->string_compare($hash, $this->hash($password, $hash));
}
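Review bot: The short-hash branch in `check()` still compares with `===` (`return md5($password) === $hash;`) while the 34-character branch directly below it was switched to the timing-safe helper in this same hunk; the plain-MD5 path is the one the manager now falls back to for hashes without a prefix (see the manager.php check hunk), so it should use the same helper: `return $this->helper->string_compare(md5($password), $hash);`.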
/**
@@ -151,7 +160,7 @@ class salted_md5 extends base
}
/**
- * @inheritdoc
+ * {@inheritdoc}
*/
public function get_settings_only($hash, $full = false)
{
diff --git a/phpBB/phpbb/passwords/driver/sha1.php b/phpBB/phpbb/passwords/driver/sha1.php
new file mode 100644
index 0000000000..1abead42cd
--- /dev/null
+++ b/phpBB/phpbb/passwords/driver/sha1.php
@@ -0,0 +1,52 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\passwords\driver;
+
+class sha1 extends base
+{
+ const PREFIX = '$sha1$';
+
+ /**
+ * {@inheritdoc}
+ */
+ public function get_prefix()
+ {
+ return self::PREFIX;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function is_legacy()
+ {
+ return true;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function hash($password, $user_row = '')
+ {
+ // Do not support hashing
+ return false;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function check($password, $hash, $user_row = array())
+ {
+ return (strlen($hash) == 40) ? $this->helper->string_compare($hash, sha1($password)) : false;
+ }
+}
diff --git a/phpBB/phpbb/passwords/driver/sha1_smf.php b/phpBB/phpbb/passwords/driver/sha1_smf.php
new file mode 100644
index 0000000000..b30d87265e
--- /dev/null
+++ b/phpBB/phpbb/passwords/driver/sha1_smf.php
@@ -0,0 +1,51 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\passwords\driver;
+
+class sha1_smf extends base
+{
+ const PREFIX = '$smf$';
+
+ /**
+ * {@inheritdoc}
+ */
+ public function get_prefix()
+ {
+ return self::PREFIX;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function is_legacy()
+ {
+ return true;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function hash($password, $user_row = '')
+ {
+ return (isset($user_row['login_name'])) ? sha1(strtolower($user_row['login_name']) . $password) : false;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function check($password, $hash, $user_row = array())
+ {
+ return (strlen($hash) == 40) ? $this->helper->string_compare($hash, $this->hash($password, $user_row)) : false;
+ }
+}
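Review bot: `hash()` declares its second parameter as `$user_row = ''` but immediately indexes it as an array (`$user_row['login_name']`); the default should be `array()` to match `check()` and the interface, since `isset()` on a string offset with a string key may behave differently across PHP versions. Unlike the other legacy drivers in this commit, this `hash()` genuinely produces a digest, so a comment is warranted: `// SMF salts with the lowercased username, so a hash can only be produced when login_name is present`. The use of `strtolower()` rather than `mb_strtolower()` is presumably deliberate to reproduce SMF's own computation — worth a comment so nobody "fixes" it later.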
diff --git a/phpBB/phpbb/passwords/driver/sha1_wcf1.php b/phpBB/phpbb/passwords/driver/sha1_wcf1.php
new file mode 100644
index 0000000000..68006486c4
--- /dev/null
+++ b/phpBB/phpbb/passwords/driver/sha1_wcf1.php
@@ -0,0 +1,60 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\passwords\driver;
+
+class sha1_wcf1 extends base
+{
+ const PREFIX = '$wcf1$';
+
+ /**
+ * {@inheritdoc}
+ */
+ public function get_prefix()
+ {
+ return self::PREFIX;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function is_legacy()
+ {
+ return true;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function hash($password, $user_row = '')
+ {
+ // Do not support hashing
+ return false;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function check($password, $hash, $user_row = array())
+ {
+ if (empty($hash) || strlen($hash) != 40 || !isset($user_row['user_passwd_salt']))
+ {
+ return false;
+ }
+ else
+ {
+ // Works for standard WCF 1.x, i.e. WBB3 and similar
+ return $this->helper->string_compare($hash, sha1($user_row['user_passwd_salt'] . sha1($user_row['user_passwd_salt'] . sha1($password))));
+ }
+ }
+}
diff --git a/phpBB/phpbb/passwords/driver/sha_xf1.php b/phpBB/phpbb/passwords/driver/sha_xf1.php
new file mode 100644
index 0000000000..9d8f01796e
--- /dev/null
+++ b/phpBB/phpbb/passwords/driver/sha_xf1.php
@@ -0,0 +1,68 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\passwords\driver;
+
+class sha_xf1 extends base
+{
+ const PREFIX = '$xf1$';
+
+ /**
+ * {@inheritdoc}
+ */
+ public function get_prefix()
+ {
+ return self::PREFIX;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function is_legacy()
+ {
+ return true;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function hash($password, $user_row = '')
+ {
+ // Do not support hashing
+ return false;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function check($password, $hash, $user_row = array())
+ {
+ if (empty($hash) || (strlen($hash) != 40 && strlen($hash) != 64) || !isset($user_row['user_passwd_salt']))
+ {
+ return false;
+ }
+ else
+ {
+ // Works for xenforo 1.0, 1.1
+ if ($this->helper->string_compare($hash, sha1(sha1($password) . $user_row['user_passwd_salt']))
+ || $this->helper->string_compare($hash, hash('sha256', hash('sha256', $password) . $user_row['user_passwd_salt'])))
+ {
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+ }
+}
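Review bot: The inner `if (...) { return true; } else { return false; }` in `check()` can be returned directly, and the outer `else` after the early return adds a nesting level; `return $this->helper->string_compare($hash, sha1(sha1($password) . $user_row['user_passwd_salt'])) || $this->helper->string_compare($hash, hash('sha256', hash('sha256', $password) . $user_row['user_passwd_salt']));` says the same thing. The guard has already established that the length is 40 or 64, so dispatching on `strlen($hash) === 40` to pick the SHA-1 or SHA-256 form would also avoid computing both digests on every call; either form preserves behaviour.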
diff --git a/phpBB/phpbb/passwords/helper.php b/phpBB/phpbb/passwords/helper.php
index 95bad5805f..c2a49202cd 100644
--- a/phpBB/phpbb/passwords/helper.php
+++ b/phpBB/phpbb/passwords/helper.php
@@ -1,17 +1,18 @@
<?php
/**
*
-* @package phpBB3
-* @copyright (c) 2013 phpBB Group
-* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
*
*/
namespace phpbb\passwords;
-/**
-* @package passwords
-*/
class helper
{
/**
@@ -59,7 +60,7 @@ class helper
$data[$type] .= ($data[$type] !== '$') ? '\\' : '';
$data[$type] .= str_replace('$', '', $value);
}
- elseif ($type == 'settings')
+ else if ($type == 'settings')
{
$data[$type] .= ($data[$type] !== '$') ? '$' : '';
$data[$type] .= $value;
diff --git a/phpBB/phpbb/passwords/manager.php b/phpBB/phpbb/passwords/manager.php
index 0ac6b05ec4..b2caba81f2 100644
--- a/phpBB/phpbb/passwords/manager.php
+++ b/phpBB/phpbb/passwords/manager.php
@@ -1,17 +1,18 @@
<?php
/**
*
-* @package phpBB3
-* @copyright (c) 2013 phpBB Group
-* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
*
*/
namespace phpbb\passwords;
-/**
-* @package passwords
-*/
class manager
{
/**
@@ -38,32 +39,58 @@ class manager
/**
* Passwords helper
- * @var phpbb\passwords\helper
+ * @var \phpbb\passwords\helper
*/
protected $helper;
/**
* phpBB configuration
- * @var phpbb\config\config
+ * @var \phpbb\config\config
*/
protected $config;
/**
+ * @var bool Whether or not initialized() has been called
+ */
+ private $initialized = false;
+
+ /**
+ * @var array Hashing driver service collection
+ */
+ private $hashing_algorithms;
+
+ /**
+ * @var array List of default driver types
+ */
+ private $defaults;
+
+ /**
* Construct a passwords object
*
- * @param phpbb\config\config $config phpBB configuration
- * @param array $hashing_algorithms Hashing driver
- * service collection
- * @param phpbb\passwords\helper $helper Passwords helper object
- * @param string $defaults List of default driver types
+ * @param \phpbb\config\config $config phpBB configuration
+ * @param array $hashing_algorithms Hashing driver service collection
+ * @param \phpbb\passwords\helper $helper Passwords helper object
+ * @param array $defaults List of default driver types
*/
public function __construct(\phpbb\config\config $config, $hashing_algorithms, helper $helper, $defaults)
{
$this->config = $config;
$this->helper = $helper;
+ $this->hashing_algorithms = $hashing_algorithms;
+ $this->defaults = $defaults;
+ }
- $this->fill_type_map($hashing_algorithms);
- $this->register_default_type($defaults);
+ /**
+ * Initialize the internal state
+ */
+ protected function initialize()
+ {
+ if (!$this->initialized)
+ {
+ $this->initialized = true;
+ $this->fill_type_map($this->hashing_algorithms);
+ $this->register_default_type($this->defaults);
+ }
}
/**
@@ -88,7 +115,7 @@ class manager
/**
* Fill algorithm type map
*
- * @param phpbb\di\service_collection $hashing_algorithms
+ * @param \phpbb\di\service_collection $hashing_algorithms
*/
protected function fill_type_map($hashing_algorithms)
{
@@ -140,9 +167,11 @@ class manager
*/
if (!preg_match('#^\$([a-zA-Z0-9\\\]*?)\$#', $hash, $match))
{
- return $this->get_algorithm('$H$');
+ return false;
}
+ $this->initialize();
+
// Be on the lookout for multiple hashing algorithms
// 2 is correct: H\2a > 2, H\P > 2
if (strlen($match[1]) > 2)
@@ -191,6 +220,8 @@ class manager
return false;
}
+ $this->initialize();
+
// Try to retrieve algorithm by service name if type doesn't
// start with dollar sign
if (!is_array($type) && strpos($type, '$') !== 0 && isset($this->algorithms[$type]))
@@ -223,9 +254,10 @@ class manager
*
* @param string $password Password that should be checked
* @param string $hash Stored hash
+ * @param array $user_row User's row in users table
* @return string|bool True if password is correct, false if not
*/
- public function check($password, $hash)
+ public function check($password, $hash, $user_row = array())
{
if (strlen($password) > 4096)
{
@@ -234,11 +266,21 @@ class manager
return false;
}
+ // Empty hashes can't be checked
+ if (empty($hash))
+ {
+ return false;
+ }
+
+ $this->initialize();
+
// First find out what kind of hash we're dealing with
$stored_hash_type = $this->detect_algorithm($hash);
if ($stored_hash_type == false)
{
- return false;
+ // Still check MD5 hashes as that is what the installer
+ // will default to for the admin user
+ return $this->get_algorithm('$H$')->check($password, $hash);
}
// Multiple hash passes needed
@@ -258,6 +300,21 @@ class manager
$this->convert_flag = false;
}
+ // Check all legacy hash types if prefix is $CP$
+ if ($stored_hash_type->get_prefix() === '$CP$')
+ {
+ // Remove $CP$ prefix for proper checking
+ $hash = substr($hash, 4);
+
+ foreach ($this->type_map as $algorithm)
+ {
+ if ($algorithm->is_legacy() && $algorithm->check($password, $hash, $user_row) === true)
+ {
+ return true;
+ }
+ }
+ }
+
return $stored_hash_type->check($password, $hash);
}
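Review bot: The final `return $stored_hash_type->check($password, $hash);` on line 1304 drops `$user_row`, while the `$CP$` loop just above forwards it; a driver that needs `user_passwd_salt` or `login_name` therefore only works when reached through the `$CP$` path, and the `$H$` fallback on line 1283 has the same omission. Pass it through: `return $stored_hash_type->check($password, $hash, $user_row);`. In the `$CP$` loop a successful legacy match returns true without touching `$this->convert_flag`, which line 1287 shows is state this manager keeps; if that flag is what callers use to rehash on login, `$this->convert_flag = true;` belongs before that `return true` so weak imported hashes get upgraded — confirm against the caller. If `$this->type_map` holds the same driver under several prefixes, the loop will also check it more than once; harmless, but worth a comment if so.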
@@ -272,6 +329,8 @@ class manager
*/
public function combined_hash_password($password_hash, $type)
{
+ $this->initialize();
+
$data = array(
'prefix' => '$',
'settings' => '$',