示例#1
0
 /**
  * {@inheritdoc}
  */
 public function check($password, $hash, $user_row = array())
 {
     if (empty($hash) || strlen($hash) != 60) {
         return false;
     } else {
         $salt = substr($hash, 0, 29);
         if (strlen($salt) != 29) {
             return false;
         }
         // Works for standard WCF 2.x, i.e. WBB4 and similar
         return $this->helper->string_compare($hash, $this->bcrypt->hash($this->bcrypt->hash($password, $salt), $salt));
     }
 }
示例#2
0
 /**
  * {@inheritdoc}
  */
 public function check($password, $hash, $user_row = array())
 {
     if (strlen($hash) != 32 && strlen($hash) != 34) {
         return false;
     }
     // enable super globals to get literal value
     // this is needed to prevent unicode normalization
     $super_globals_disabled = $this->request->super_globals_disabled();
     if ($super_globals_disabled) {
         $this->request->enable_super_globals();
     }
     // in phpBB2 passwords were used exactly as they were sent, with addslashes applied
     $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
     $password_old_format = !STRIP ? addslashes($password_old_format) : $password_old_format;
     $password_new_format = $this->request->variable('password', '', true);
     if ($super_globals_disabled) {
         $this->request->disable_super_globals();
     }
     if ($password == $password_new_format) {
         if (!function_exists('utf8_to_cp1252')) {
             include $this->phpbb_root_path . 'includes/utf/data/recode_basic.' . $this->php_ext;
         }
         if ($this->helper->string_compare(md5($password_old_format), $hash) || $this->helper->string_compare(md5(\utf8_to_cp1252($password_old_format)), $hash) || $this->salted_md5->check(md5($password_old_format), $hash) === true || $this->salted_md5->check(md5(\utf8_to_cp1252($password_old_format)), $hash) === true) {
             return true;
         }
     }
     return false;
 }