1
0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-15 13:14:09 +02:00

[ticket/16697] Remove $CP$ prefix when updating hashes and support phpBB2 check

The $CP$ prefix is not part of the actual password hash.
phpBB2 passwords converted do currently include a phpass hash of the md5 of
the password. Make sure these are correctly checked.

PHPBB3-16697
This commit is contained in:
Marc Alexander
2021-02-04 21:20:50 +01:00
parent 0602fa2316
commit 7d37b650a4
3 changed files with 18 additions and 4 deletions

View File

@@ -99,7 +99,8 @@ class update_hashes extends \phpbb\console\command\command
while ($row = $this->db->sql_fetchrow($result))
{
$new_hash = $this->passwords_manager->hash($row['user_password'], array($this->default_type));
$old_hash = preg_replace('/^\$CP\$/', '', $row['user_password']);
$new_hash = $this->passwords_manager->hash($old_hash, array($this->default_type));
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_password = '" . $this->db->sql_escape($new_hash) . "'