mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 05:50:42 +02:00
Code Issues Releases Wiki Activity

[ticket/13203] Use string_compare method in passwords drivers

Browse Source 
PHPBB3-13203
This commit is contained in:
Marc Alexander
2014-10-22 14:54:55 -05:00
parent 2b47ef1266
commit 0bc04a4df0
12 changed files with 19 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
phpBB/phpbb/passwords/driver/sha_xf1.php
View File

@@ -54,8 +54,8 @@ class sha_xf1 extends base
else
{
// Works for xenforo 1.0, 1.1
if ($hash === sha1(sha1($password) . $user_row['user_passwd_salt'])
|| $hash === hash('sha256', hash('sha256', $password) . $user_row['user_passwd_salt']))
if ($this->helper->string_compare($hash, sha1(sha1($password) . $user_row['user_passwd_salt']))
|| $this->helper->string_compare($hash, hash('sha256', hash('sha256', $password) . $user_row['user_passwd_salt'])))
{
return true;
}