fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-30 08:39:58 +09:00
Code Issues Projects Releases Packages Wiki Activity

Ensure full compatibility with previous versions of XE and migration tools

Browse source
This commit is contained in:
Kijin Sung 2014-11-13 12:29:20 +09:00
parent 7c6b82a522
commit 8fd32d09be
1 changed files with 17 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

23
classes/security/Password.class.php
View file

@ -132,22 +132,25 @@ class Password
*/ */
public function checkPassword($password, $hash, $algorithm = null) public function checkPassword($password, $hash, $algorithm = null)
{ {
$password = trim($password);
if($algorithm === null) if($algorithm === null)
{ {
$algorithm = $this->checkAlgorithm($hash); $algorithm = $this->checkAlgorithm($hash);
} }
if(!array_key_exists($algorithm, $this->getSupportedAlgorithms()))
{ $password = trim($password);
return false;
}
switch($algorithm) switch($algorithm)
{ {
case 'md5': case 'md5':
return md5($password) === $hash || md5(sha1(md5($password))) === $hash; return md5($password) === $hash || md5(sha1(md5($password))) === $hash;
case 'mysql_old_password':
return (class_exists('Context') && substr(Context::getDBType(), 0, 5) === 'mysql') ?
DB::getInstance()->isValidOldPassword($password, $hash) : false;
case 'mysql_password':
return $hash[0] === '*' && substr($hash, 1) === strtoupper(sha1(sha1($password, true)));
case 'pbkdf2': case 'pbkdf2':
$hash = explode(':', $hash); $hash = explode(':', $hash);
$hash[3] = base64_decode($hash[3]); $hash[3] = base64_decode($hash[3]);
@ -182,6 +185,14 @@ class Password
{ {
return 'md5'; return 'md5';
} }
elseif(strlen($hash) === 16 && ctype_xdigit($hash))
{
return 'mysql_old_password';
}
elseif(strlen($hash) === 41 && $hash[0] === '*')
{
return 'mysql_password';
}
else else
{ {
return false; return false;