[ Index ]

PHP Cross Reference of phpBB-3.3.2-deutsch

title

Body

[close]

/phpbb/passwords/driver/ -> md5_phpbb2.php (source)

   1  <?php
   2  /**
   3  *
   4  * This file is part of the phpBB Forum Software package.
   5  *
   6  * @copyright (c) phpBB Limited <https://www.phpbb.com>
   7  * @license GNU General Public License, version 2 (GPL-2.0)
   8  *
   9  * For full copyright and license information, please see
  10  * the docs/CREDITS.txt file.
  11  *
  12  */
  13  
  14  namespace phpbb\passwords\driver;
  15  
  16  class md5_phpbb2 extends base
  17  {
  18      const PREFIX = '$md5_phpbb2$';
  19  
  20      /** @var \phpbb\request\request phpBB request object */
  21      protected $request;
  22  
  23      /** @var \phpbb\passwords\driver\salted_md5 */
  24      protected $salted_md5;
  25  
  26      /** @var \phpbb\passwords\driver\helper */
  27      protected $helper;
  28  
  29      /** @var string phpBB root path */
  30      protected $phpbb_root_path;
  31  
  32      /** @var string php file extension */
  33      protected $php_ext;
  34  
  35      /**
  36      * Constructor of passwords driver object
  37      *
  38      * @param \phpbb\request\request $request phpBB request object
  39      * @param \phpbb\passwords\driver\salted_md5 $salted_md5 Salted md5 driver
  40       * @param \phpbb\passwords\driver\helper $helper Driver helper
  41      * @param string $phpbb_root_path phpBB root path
  42      * @param string $php_ext PHP file extension
  43      */
  44  	public function __construct($request, salted_md5 $salted_md5, helper $helper, $phpbb_root_path, $php_ext)
  45      {
  46          $this->request = $request;
  47          $this->salted_md5 = $salted_md5;
  48          $this->helper = $helper;
  49          $this->phpbb_root_path = $phpbb_root_path;
  50          $this->php_ext = $php_ext;
  51      }
  52  
  53      /**
  54      * {@inheritdoc}
  55      */
  56  	public function get_prefix()
  57      {
  58          return self::PREFIX;
  59      }
  60  
  61      /**
  62      * {@inheritdoc}
  63      */
  64  	public function is_legacy()
  65      {
  66          return true;
  67      }
  68  
  69      /**
  70      * {@inheritdoc}
  71      */
  72  	public function hash($password, $user_row = '')
  73      {
  74          // Do not support hashing
  75          return false;
  76      }
  77  
  78      /**
  79      * {@inheritdoc}
  80      */
  81  	public function check($password, $hash, $user_row = array())
  82      {
  83          if (strlen($hash) != 32 && strlen($hash) != 34)
  84          {
  85              return false;
  86          }
  87  
  88          // enable super globals to get literal value
  89          // this is needed to prevent unicode normalization
  90          $super_globals_disabled = $this->request->super_globals_disabled();
  91          if ($super_globals_disabled)
  92          {
  93              $this->request->enable_super_globals();
  94          }
  95  
  96          // in phpBB2 passwords were used exactly as they were sent, with addslashes applied
  97          $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
  98          $password_old_format = addslashes($password_old_format);
  99          $password_new_format = $this->request->variable('password', '', true);
 100  
 101          if ($super_globals_disabled)
 102          {
 103              $this->request->disable_super_globals();
 104          }
 105  
 106          if ($password == $password_new_format)
 107          {
 108              if (!function_exists('utf8_to_cp1252'))
 109              {
 110                  include($this->phpbb_root_path . 'includes/utf/data/recode_basic.' . $this->php_ext);
 111              }
 112  
 113              if ($this->helper->string_compare(md5($password_old_format), $hash) || $this->helper->string_compare(md5(\utf8_to_cp1252($password_old_format)), $hash)
 114                  || $this->salted_md5->check(md5($password_old_format), $hash) === true
 115                  || $this->salted_md5->check(md5(\utf8_to_cp1252($password_old_format)), $hash) === true)
 116              {
 117                  return true;
 118              }
 119          }
 120  
 121          return false;
 122      }
 123  }


Generated: Wed Nov 11 20:28:18 2020 Cross-referenced by PHPXref 0.7.1