From bb836b65e3c16fadf5c13510cce73daf432f7ad8 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Fri, 25 Oct 2013 15:21:09 +0200 Subject: [feature/passwords] Integrate convert_flag with db auth provider PHPBB3-11610 --- phpBB/phpbb/auth/provider/db.php | 2 +- phpBB/phpbb/passwords/manager.php | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'phpBB/phpbb') diff --git a/phpBB/phpbb/auth/provider/db.php b/phpBB/phpbb/auth/provider/db.php index de07a84cf5..aa597c8e9f 100644 --- a/phpBB/phpbb/auth/provider/db.php +++ b/phpBB/phpbb/auth/provider/db.php @@ -245,7 +245,7 @@ class db extends \phpbb\auth\provider\base if (!$row['user_pass_convert'] && $this->passwords_manager->check($password, $row['user_password'])) { // Check for old password hash... - if (strlen($row['user_password']) == 32) + if ($this->passwords_manager->convert_flag || strlen($row['user_password']) == 32) { $hash = $this->passwords_manager->hash($password); diff --git a/phpBB/phpbb/passwords/manager.php b/phpBB/phpbb/passwords/manager.php index dde81a9818..0c9eb4f067 100644 --- a/phpBB/phpbb/passwords/manager.php +++ b/phpBB/phpbb/passwords/manager.php @@ -243,7 +243,9 @@ class manager // Multiple hash passes needed if (is_array($stored_hash_type)) { - return $this->helper->check_combined_hash($password, $stored_hash_type, $hash); + $correct = $this->helper->check_combined_hash($password, $stored_hash_type, $hash); + $this->convert_flag = ($correct === true) ? true : false; + return $correct; } if ($stored_hash_type->get_name() !== $this->type) -- cgit v1.2.1