mirror of
https://github.com/phpbb/phpbb.git
synced 2025-03-14 04:30:29 +01:00
Merge branch '3.3.x'
This commit is contained in:
commit
de711bb7c0
@ -99,7 +99,8 @@ class update_hashes extends \phpbb\console\command\command
|
||||
|
||||
while ($row = $this->db->sql_fetchrow($result))
|
||||
{
|
||||
$new_hash = $this->passwords_manager->hash($row['user_password'], array($this->default_type));
|
||||
$old_hash = preg_replace('/^\$CP\$/', '', $row['user_password']);
|
||||
$new_hash = $this->passwords_manager->hash($old_hash, array($this->default_type));
|
||||
|
||||
$sql = 'UPDATE ' . USERS_TABLE . "
|
||||
SET user_password = '" . $this->db->sql_escape($new_hash) . "'
|
||||
|
@ -106,7 +106,8 @@ class update_hashes extends \phpbb\cron\task\base
|
||||
|
||||
while ($row = $this->db->sql_fetchrow($result))
|
||||
{
|
||||
$new_hash = $this->passwords_manager->hash($row['user_password'], array($this->default_type));
|
||||
$old_hash = preg_replace('/^\$CP\$/', '', $row['user_password']);
|
||||
$new_hash = $this->passwords_manager->hash($old_hash, array($this->default_type));
|
||||
|
||||
// Increase number so we know that users were selected from the database
|
||||
$affected_rows++;
|
||||
|
@ -382,11 +382,22 @@ class manager
|
||||
* @param array $stored_hash_type An array containing the hash types
|
||||
* as described by stored password hash
|
||||
* @param string $hash Stored password hash
|
||||
* @param bool $skip_phpbb2_check True if phpBB2 password check should be skipped
|
||||
*
|
||||
* @return bool True if password is correct, false if not
|
||||
*/
|
||||
public function check_combined_hash($password, $stored_hash_type, $hash)
|
||||
public function check_combined_hash($password, $stored_hash_type, $hash, bool $skip_phpbb2_check = false)
|
||||
{
|
||||
// Special case for passwords converted from phpBB2:
|
||||
// These could be phpass(md5(password)) and hence already be double
|
||||
// hashed. For these, try to also check combined hash output of
|
||||
// md5 version of supplied password.
|
||||
$is_valid_phpbb2_pass = false;
|
||||
if (!$skip_phpbb2_check)
|
||||
{
|
||||
$is_valid_phpbb2_pass = $this->check_combined_hash(md5($password), $stored_hash_type, $hash, true);
|
||||
}
|
||||
|
||||
$i = 0;
|
||||
$data = array(
|
||||
'prefix' => '$',
|
||||
@ -402,6 +413,7 @@ class manager
|
||||
$password = str_replace($rebuilt_hash, '', $cur_hash);
|
||||
$i++;
|
||||
}
|
||||
return ($hash === $this->helper->combine_hash_output($data, 'hash', $password));
|
||||
|
||||
return hash_equals($hash, $this->helper->combine_hash_output($data, 'hash', $password)) || $is_valid_phpbb2_pass;
|
||||
}
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user