mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 22:10:45 +02:00
Code Issues Releases Wiki Activity

[ticket/16697] Remove $CP$ prefix when updating hashes and support phpBB2 check

Browse Source 
The $CP$ prefix is not part of the actual password hash.
phpBB2 passwords converted do currently include a phpass hash of the md5 of
the password. Make sure these are correctly checked.

PHPBB3-16697
This commit is contained in:
Marc Alexander
2021-02-04 21:20:50 +01:00
parent 0602fa2316
commit 7d37b650a4
3 changed files with 18 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
phpBB/phpbb/cron/task/core/update_hashes.php
View File

@@ -106,7 +106,8 @@ class update_hashes extends \phpbb\cron\task\base
while ($row = $this->db->sql_fetchrow($result))
{
$new_hash = $this->passwords_manager->hash($row['user_password'], array($this->default_type));
$old_hash = preg_replace('/^\$CP\$/', '', $row['user_password']);
$new_hash = $this->passwords_manager->hash($old_hash, array($this->default_type));
// Increase number so we know that users were selected from the database
$affected_rows++;