Line 382 | Line 382 |
---|
* @param array $stored_hash_type An array containing the hash types * as described by stored password hash * @param string $hash Stored password hash
|
* @param array $stored_hash_type An array containing the hash types * as described by stored password hash * @param string $hash Stored password hash
|
| * @param bool $skip_phpbb2_check True if phpBB2 password check should be skipped
|
* * @return bool True if password is correct, false if not */
|
* * @return bool True if password is correct, false if not */
|
public function check_combined_hash($password, $stored_hash_type, $hash)
| public function check_combined_hash($password, $stored_hash_type, $hash, bool $skip_phpbb2_check = false)
|
{
|
{
|
| // Special case for passwords converted from phpBB2: // These could be phpass(md5(password)) and hence already be double // hashed. For these, try to also check combined hash output of // md5 version of supplied password. $is_valid_phpbb2_pass = false; if (!$skip_phpbb2_check) { $is_valid_phpbb2_pass = $this->check_combined_hash(md5($password), $stored_hash_type, $hash, true); }
|
$i = 0; $data = array( 'prefix' => '$',
| $i = 0; $data = array( 'prefix' => '$',
|
Line 402 | Line 413 |
---|
$password = str_replace($rebuilt_hash, '', $cur_hash); $i++; }
|
$password = str_replace($rebuilt_hash, '', $cur_hash); $i++; }
|
return ($hash === $this->helper->combine_hash_output($data, 'hash', $password));
| return hash_equals($hash, $this->helper->combine_hash_output($data, 'hash', $password)) || $is_valid_phpbb2_pass;
|
} }
| } }
|