From ed1d4fe4a03c55bbc997f11afa11a87b4fe78c4d Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Thu, 1 May 2014 14:23:39 +0200
Subject: [ticket/12352] Revert to db auth provider if default does not exist

This will make sure that we will not encounter a non-existing auth provider.
We will revert to the default db auth provider if the one set in the config
does not exist in our auth provider collection.

PHPBB3-12352
---
 phpBB/phpbb/auth/provider/db.php |  3 ++-
 phpBB/phpbb/session.php          | 18 ++++++++++++++++--
 2 files changed, 18 insertions(+), 3 deletions(-)

(limited to 'phpBB/phpbb')

diff --git a/phpBB/phpbb/auth/provider/db.php b/phpBB/phpbb/auth/provider/db.php
index 3be1d3873f..d5a6b0452a 100644
--- a/phpBB/phpbb/auth/provider/db.php
+++ b/phpBB/phpbb/auth/provider/db.php
@@ -201,7 +201,8 @@ class db extends \phpbb\auth\provider\base
 				// cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding
 				// plain md5 support left in for conversions from other systems.
 				if ((strlen($row['user_password']) == 34 && ($this->passwords_manager->check(md5($password_old_format), $row['user_password']) || $this->passwords_manager->check(md5(utf8_to_cp1252($password_old_format)), $row['user_password'])))
-					|| (strlen($row['user_password']) == 32  && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password'])))
+					|| (strlen($row['user_password']) == 32  && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password']))
+					|| ($this->passwords_manager->check($password_old_format, $row['user_password']) || $this->passwords_manager->check($password_new_format, $row['user_password'])))
 				{
 					$hash = $this->passwords_manager->hash($password_new_format);
 
diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php
index d286dc9cfc..c663977882 100644
--- a/phpBB/phpbb/session.php
+++ b/phpBB/phpbb/session.php
@@ -410,7 +410,14 @@ class session
 					// Check whether the session is still valid if we have one
 					$method = basename(trim($config['auth_method']));
 
-					$provider = $phpbb_container->get('auth.provider.' . $method);
+					$provider_collection = $phpbb_container->get('auth.provider_collection');
+
+					// Revert to db auth provider if selected method does not exist
+					if (!isset($provider_collection['auth.provider.' . $method]))
+					{
+						$method = 'db';
+					}
+					$provider = $provider_collection['auth.provider.' . $method];
 
 					if (!($provider instanceof \phpbb\auth\provider\provider_interface))
 					{
@@ -579,7 +586,14 @@ class session
 
 		$method = basename(trim($config['auth_method']));
 
-		$provider = $phpbb_container->get('auth.provider.' . $method);
+		$provider_collection = $phpbb_container->get('auth.provider_collection');
+
+		// Revert to db auth provider if selected method does not exist
+		if (!isset($provider_collection['auth.provider.' . $method]))
+		{
+			$method = 'db';
+		}
+		$provider = $provider_collection['auth.provider.' . $method];
 		$this->data = $provider->autologin();
 
 		if (sizeof($this->data))
-- 
cgit v1.2.1