diff options
Diffstat (limited to 'phpBB/phpbb')
| -rw-r--r-- | phpBB/phpbb/auth/provider/db.php | 3 | ||||
| -rw-r--r-- | phpBB/phpbb/session.php | 18 |
2 files changed, 18 insertions, 3 deletions
diff --git a/phpBB/phpbb/auth/provider/db.php b/phpBB/phpbb/auth/provider/db.php index 3be1d3873f..d5a6b0452a 100644 --- a/phpBB/phpbb/auth/provider/db.php +++ b/phpBB/phpbb/auth/provider/db.php @@ -201,7 +201,8 @@ class db extends \phpbb\auth\provider\base // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding // plain md5 support left in for conversions from other systems. if ((strlen($row['user_password']) == 34 && ($this->passwords_manager->check(md5($password_old_format), $row['user_password']) || $this->passwords_manager->check(md5(utf8_to_cp1252($password_old_format)), $row['user_password']))) - || (strlen($row['user_password']) == 32 && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password']))) + || (strlen($row['user_password']) == 32 && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password'])) + || ($this->passwords_manager->check($password_old_format, $row['user_password']) || $this->passwords_manager->check($password_new_format, $row['user_password']))) { $hash = $this->passwords_manager->hash($password_new_format); diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index d286dc9cfc..c663977882 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -410,7 +410,14 @@ class session // Check whether the session is still valid if we have one $method = basename(trim($config['auth_method'])); - $provider = $phpbb_container->get('auth.provider.' . $method); + $provider_collection = $phpbb_container->get('auth.provider_collection'); + + // Revert to db auth provider if selected method does not exist + if (!isset($provider_collection['auth.provider.' . $method])) + { + $method = 'db'; + } + $provider = $provider_collection['auth.provider.' . $method]; if (!($provider instanceof \phpbb\auth\provider\provider_interface)) { @@ -579,7 +586,14 @@ class session $method = basename(trim($config['auth_method'])); - $provider = $phpbb_container->get('auth.provider.' . $method); + $provider_collection = $phpbb_container->get('auth.provider_collection'); + + // Revert to db auth provider if selected method does not exist + if (!isset($provider_collection['auth.provider.' . $method])) + { + $method = 'db'; + } + $provider = $provider_collection['auth.provider.' . $method]; $this->data = $provider->autologin(); if (sizeof($this->data)) |