/**
* {@inheritdoc}
*/
public function check($password, $hash, $user_row = array())
{
if (empty($hash) || strlen($hash) != 60) {
return false;
} else {
$salt = substr($hash, 0, 29);
if (strlen($salt) != 29) {
return false;
}
// Works for standard WCF 2.x, i.e. WBB4 and similar
return $this->helper->string_compare($hash, $this->bcrypt->hash($this->bcrypt->hash($password, $salt), $salt));
}
}
/**
* {@inheritdoc}
*/
public function check($password, $hash, $user_row = array())
{
if (strlen($hash) != 32 && strlen($hash) != 34) {
return false;
}
// enable super globals to get literal value
// this is needed to prevent unicode normalization
$super_globals_disabled = $this->request->super_globals_disabled();
if ($super_globals_disabled) {
$this->request->enable_super_globals();
}
// in phpBB2 passwords were used exactly as they were sent, with addslashes applied
$password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
$password_old_format = !STRIP ? addslashes($password_old_format) : $password_old_format;
$password_new_format = $this->request->variable('password', '', true);
if ($super_globals_disabled) {
$this->request->disable_super_globals();
}
if ($password == $password_new_format) {
if (!function_exists('utf8_to_cp1252')) {
include $this->phpbb_root_path . 'includes/utf/data/recode_basic.' . $this->php_ext;
}
if ($this->helper->string_compare(md5($password_old_format), $hash) || $this->helper->string_compare(md5(\utf8_to_cp1252($password_old_format)), $hash) || $this->salted_md5->check(md5($password_old_format), $hash) === true || $this->salted_md5->check(md5(\utf8_to_cp1252($password_old_format)), $hash) === true) {
return true;
}
}
return false;
}