phpBB

Code Changes

File: phpbb/passwords/manager.php

  Unmodified   Added   Modified   Removed
Line 382Line 382
	* @param array $stored_hash_type An array containing the hash types
* as described by stored password hash
* @param string $hash Stored password hash

	* @param array $stored_hash_type An array containing the hash types
* as described by stored password hash
* @param string $hash Stored password hash

 
	* @param bool $skip_phpbb2_check True if phpBB2 password check should be skipped

	*
* @return bool True if password is correct, false if not
*/

	*
* @return bool True if password is correct, false if not
*/

	public function check_combined_hash($password, $stored_hash_type, $hash)

	public function check_combined_hash($password, $stored_hash_type, $hash, bool $skip_phpbb2_check = false)

	{

	{

 
		// Special case for passwords converted from phpBB2:
// These could be phpass(md5(password)) and hence already be double
// hashed. For these, try to also check combined hash output of
// md5 version of supplied password.
$is_valid_phpbb2_pass = false;
if (!$skip_phpbb2_check)
{
$is_valid_phpbb2_pass = $this->check_combined_hash(md5($password), $stored_hash_type, $hash, true);
}


		$i = 0;
$data = array(
'prefix' => '$',

		$i = 0;
$data = array(
'prefix' => '$',

Line 402Line 413
			$password = str_replace($rebuilt_hash, '', $cur_hash);
$i++;
}

			$password = str_replace($rebuilt_hash, '', $cur_hash);
$i++;
}

		return ($hash === $this->helper->combine_hash_output($data, 'hash', $password));



return hash_equals($hash, $this->helper->combine_hash_output($data, 'hash', $password)) || $is_valid_phpbb2_pass;

	}
}


	}
}