From 252a061864b631ac2536f589d9c7da3810d82357 Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Thu, 29 May 2014 12:13:02 +0200
Subject: [ticket/12352] Use correct hashing method in md5_mybb driver

PHPBB3-12352
---
 phpBB/phpbb/passwords/driver/md5_mybb.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'phpBB')

diff --git a/phpBB/phpbb/passwords/driver/md5_mybb.php b/phpBB/phpbb/passwords/driver/md5_mybb.php
index 9406546798..ca416c4401 100644
--- a/phpBB/phpbb/passwords/driver/md5_mybb.php
+++ b/phpBB/phpbb/passwords/driver/md5_mybb.php
@@ -46,7 +46,15 @@ class md5_mybb extends base
 	*/
 	public function check($password, $hash, $user_row = array())
 	{
-		return (!empty($hash) && isset($user_row['user_passwd_salt'])) ? $hash === md5($user_row['user_passwd_salt'] . md5($password)) : false;
+		if (empty(hash) || !isset($user_row['user_passwd_salt']))
+		{
+			return false;
+		}
+		else
+		{
+			// Works for myBB 1.1.x, 1.2.x, 1.4.x, 1.6.x
+			return $hash === md5(md5($user_row['user_passwd_salt']) . md5($password));
+		}
 	}
 
 	/**
-- 
cgit v1.2.1