[ticket/12352] Revert to db auth provider if default does not exist

This will make sure that we will not encounter a non-existing auth provider.
We will revert to the default db auth provider if the one set in the config
does not exist in our auth provider collection.

PHPBB3-12352

phpBB/includes/functions.php

@@ -2854,7 +2854,16 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 		$s_hidden_fields['credential'] = $credential;
 	}
 
-	$auth_provider = $phpbb_container->get('auth.provider.' . $config['auth_method']);
+	$provider_collection = $phpbb_container->get('auth.provider_collection');
+	$auth_method = $config['auth_method'];
+
+	// Revert to db auth provider if selected method does not exist
+	if (!isset($provider_collection['auth.provider.' . $config['auth_method']]))
+	{
+		$auth_method = 'db';
+	}
+
+	$auth_provider = $provider_collection['auth.provider.' . $auth_method];
 
 	$auth_provider_data = $auth_provider->get_login_data();
 	if ($auth_provider_data)

phpBB/phpbb/auth/provider/db.php

@@ -201,7 +201,8 @@ class db extends \phpbb\auth\provider\base
 				// cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding
 				// plain md5 support left in for conversions from other systems.
 				if ((strlen($row['user_password']) == 34 && ($this->passwords_manager->check(md5($password_old_format), $row['user_password']) || $this->passwords_manager->check(md5(utf8_to_cp1252($password_old_format)), $row['user_password'])))
-					|| (strlen($row['user_password']) == 32  && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password'])))
+					|| (strlen($row['user_password']) == 32  && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password']))
+					|| ($this->passwords_manager->check($password_old_format, $row['user_password']) || $this->passwords_manager->check($password_new_format, $row['user_password'])))
 				{
 					$hash = $this->passwords_manager->hash($password_new_format);
 

phpBB/phpbb/session.php

@@ -410,7 +410,14 @@ class session
 					// Check whether the session is still valid if we have one
 					$method = basename(trim($config['auth_method']));
 
-					$provider = $phpbb_container->get('auth.provider.' . $method);
+					$provider_collection = $phpbb_container->get('auth.provider_collection');
+
+					// Revert to db auth provider if selected method does not exist
+					if (!isset($provider_collection['auth.provider.' . $method]))
+					{
+						$method = 'db';
+					}
+					$provider = $provider_collection['auth.provider.' . $method];
 
 					if (!($provider instanceof \phpbb\auth\provider\provider_interface))
 					{
@@ -579,7 +586,14 @@ class session
 
 		$method = basename(trim($config['auth_method']));
 
-		$provider = $phpbb_container->get('auth.provider.' . $method);
+		$provider_collection = $phpbb_container->get('auth.provider_collection');
+
+		// Revert to db auth provider if selected method does not exist
+		if (!isset($provider_collection['auth.provider.' . $method]))
+		{
+			$method = 'db';
+		}
+		$provider = $provider_collection['auth.provider.' . $method];
 		$this->data = $provider->autologin();
 
 		if (sizeof($this->data))

tests/session/testable_factory.php

@@ -96,6 +96,10 @@ class phpbb_session_testable_factory
 			'auth.provider.db',
 			new phpbb_mock_auth_provider()
 		);
+		$phpbb_container->set(
+			'auth.provider_collection',
+			array('auth.provider.db' => $phpbb_container->get('auth.provider.db'))
+		);
 
 		$session = new phpbb_mock_session_testable;
 		return $session;