From ac311e1b39f891ba3c137f6203981c491639bec3 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Mon, 2 Jun 2014 10:14:26 +0200 Subject: [ticket/12352] Do not check hashes that don't have the necessary length This should significantly reduce the time spent on checking hashes of passwords that should be converted. PHPBB3-12352 --- phpBB/phpbb/passwords/driver/sha_xf1.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/phpbb/passwords/driver/sha_xf1.php') diff --git a/phpBB/phpbb/passwords/driver/sha_xf1.php b/phpBB/phpbb/passwords/driver/sha_xf1.php index 08b8cecaf3..7ae0b90f51 100644 --- a/phpBB/phpbb/passwords/driver/sha_xf1.php +++ b/phpBB/phpbb/passwords/driver/sha_xf1.php @@ -47,7 +47,7 @@ class sha_xf1 extends base */ public function check($password, $hash, $user_row = array()) { - if (empty($hash) || !isset($user_row['user_passwd_salt'])) + if (empty($hash) || (strlen($hash) != 40 && strlen($hash) != 64) || !isset($user_row['user_passwd_salt'])) { return false; } -- cgit v1.2.1