[ticket/12352] Use correct hashing method in md5_mybb driver

PHPBB3-12352
author: Marc Alexander <admin@m-a-styles.de> 2014-05-29 12:13:02 +0200
committer: Marc Alexander <admin@m-a-styles.de> 2014-06-01 21:31:05 +0200
commit: 252a061864b631ac2536f589d9c7da3810d82357 (patch)
tree: eafd3d1589e01ae1997dc90c9ed20fb6e869fdb9 /phpBB/phpbb/passwords/driver
parent: [ticket/12352] Add driver for myBB md5 passwords (diff)
download: phpbb-252a061864b631ac2536f589d9c7da3810d82357.tar.gz
phpbb-252a061864b631ac2536f589d9c7da3810d82357.tar.bz2
phpbb-252a061864b631ac2536f589d9c7da3810d82357.zip
1 files changed, 9 insertions, 1 deletions
diff --git a/phpBB/phpbb/passwords/driver/md5_mybb.php b/phpBB/phpbb/passwords/driver/md5_mybb.php
index 9406546798..ca416c4401 100644
--- a/phpBB/phpbb/passwords/driver/md5_mybb.php
+++ b/phpBB/phpbb/passwords/driver/md5_mybb.php
@@ -46,7 +46,15 @@ class md5_mybb extends base
 	*/
 	public function check($password, $hash, $user_row = array())
 	{
-		return (!empty($hash) && isset($user_row['user_passwd_salt'])) ? $hash === md5($user_row['user_passwd_salt'] . md5($password)) : false;
+		if (empty(hash) || !isset($user_row['user_passwd_salt']))
+		{
+			return false;
+		}
+		else
+		{
+			// Works for myBB 1.1.x, 1.2.x, 1.4.x, 1.6.x
+			return $hash === md5(md5($user_row['user_passwd_salt']) . md5($password));
+		}
 	}
 
 	/**
author	Marc Alexander <admin@m-a-styles.de>	2014-05-29 12:13:02 +0200
committer	Marc Alexander <admin@m-a-styles.de>	2014-06-01 21:31:05 +0200
commit	252a061864b631ac2536f589d9c7da3810d82357 (patch)
tree	eafd3d1589e01ae1997dc90c9ed20fb6e869fdb9 /phpBB/phpbb/passwords/driver
parent	[ticket/12352] Add driver for myBB md5 passwords (diff)
download	phpbb-252a061864b631ac2536f589d9c7da3810d82357.tar.gz phpbb-252a061864b631ac2536f589d9c7da3810d82357.tar.bz2 phpbb-252a061864b631ac2536f589d9c7da3810d82357.zip