private function _handle_logins($scheme, $password, $hash, $arrAuthData) { switch ($scheme) { case "XenForo_Authentication_Core12": $passwordHash = new XenForo_PasswordHash($this->passwordIterations, false); return $passwordHash->CheckPassword($password, $arrAuthData['hash']); break; case "XenForo_Authentication_Core": $userHash = hash('sha256', hash('sha256', $password) . $arrAuthData['salt']); if ($userHash === $arrAuthData['hash']) { return true; } $userHash = sha1(sha1($password) . $arrAuthData['salt']); return $userHash === $arrAuthData['hash']; break; case "XenForo_Authentication_IPBoard": case "XenForo_Authentication_MyBb": $userHash = md5(md5($arrAuthData['salt']) . md5($password)); return $userHash === $arrAuthData['hash']; break; case "XenForo_Authentication_PhpBb3": $passwordHash = new XenForo_PasswordHash(8, true); return $passwordHash->CheckPassword($password, $arrAuthData['hash']); break; case "XenForo_Authentication_vBulletin": $userHash = md5(md5($password) . $arrAuthData['salt']); return $userHash === $arrAuthData['hash']; break; } return false; }
/** * Authenticate against the given password * @see XenForo_Authentication_Abstract::authenticate() */ public function authenticate($userId, $password) { if (!is_string($password) || $password === '' || empty($this->_data)) { return false; } $passwordHash = new XenForo_PasswordHash(13, false); return $passwordHash->CheckPassword($password, $this->_data['hash']); }
public function isUpgradable() { if (!empty($this->_data['hash'])) { $passwordHash = new XenForo_PasswordHash(XenForo_Application::getConfig()->passwordIterations, false); $expectedIterations = min(intval(XenForo_Application::getConfig()->passwordIterations), 30); $iterations = null; if (preg_match('/^\\$(P|H)\\$(.)/i', $this->_data['hash'], $match)) { $iterations = $passwordHash->reverseItoA64($match[2]) - 5; // 5 iterations removed in PHP 5 } else { if (preg_match('/^\\$2a\\$(\\d+)\\$.*$/i', $this->_data['hash'], $match)) { $iterations = intval($match[1]); } } return $expectedIterations !== $iterations; } return true; }