Code Coverage
 
Classes and Traits
Functions and Methods
Lines
Total
100.00% covered (success)
100.00%
1 / 1
100.00% covered (success)
100.00%
5 / 5
CRAP
100.00% covered (success)
100.00%
35 / 35
md5_phpbb2
100.00% covered (success)
100.00%
1 / 1
100.00% covered (success)
100.00%
5 / 5
16
100.00% covered (success)
100.00%
35 / 35
 __construct
100.00% covered (success)
100.00%
1 / 1
1
100.00% covered (success)
100.00%
6 / 6
 get_prefix
100.00% covered (success)
100.00%
1 / 1
1
100.00% covered (success)
100.00%
1 / 1
 is_legacy
100.00% covered (success)
100.00%
1 / 1
1
100.00% covered (success)
100.00%
1 / 1
 hash
100.00% covered (success)
100.00%
1 / 1
1
100.00% covered (success)
100.00%
1 / 1
 check
100.00% covered (success)
100.00%
1 / 1
12
100.00% covered (success)
100.00%
26 / 26
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\passwords\driver;
class md5_phpbb2 extends base
{
    const PREFIX = '$md5_phpbb2$';
    /** @var \phpbb\request\request phpBB request object */
    protected $request;
    /** @var \phpbb\passwords\driver\salted_md5 */
    protected $salted_md5;
    /** @var \phpbb\passwords\driver\helper */
    protected $helper;
    /** @var string phpBB root path */
    protected $phpbb_root_path;
    /** @var string php file extension */
    protected $php_ext;
    /**
    * Constructor of passwords driver object
    *
    * @param \phpbb\request\request $request phpBB request object
    * @param \phpbb\passwords\driver\salted_md5 $salted_md5 Salted md5 driver
     * @param \phpbb\passwords\driver\helper $helper Driver helper
    * @param string $phpbb_root_path phpBB root path
    * @param string $php_ext PHP file extension
    */
    public function __construct($request, salted_md5 $salted_md5, helper $helper, $phpbb_root_path, $php_ext)
    {
        $this->request = $request;
        $this->salted_md5 = $salted_md5;
        $this->helper = $helper;
        $this->phpbb_root_path = $phpbb_root_path;
        $this->php_ext = $php_ext;
    }
    /**
    * {@inheritdoc}
    */
    public function get_prefix()
    {
        return self::PREFIX;
    }
    /**
    * {@inheritdoc}
    */
    public function is_legacy()
    {
        return true;
    }
    /**
    * {@inheritdoc}
    */
    public function hash($password, $user_row = '')
    {
        // Do not support hashing
        return false;
    }
    /**
    * {@inheritdoc}
    */
    public function check($password, $hash, $user_row = array())
    {
        if (strlen($hash) != 32 && strlen($hash) != 34)
        {
            return false;
        }
        // enable super globals to get literal value
        // this is needed to prevent unicode normalization
        $super_globals_disabled = $this->request->super_globals_disabled();
        if ($super_globals_disabled)
        {
            $this->request->enable_super_globals();
        }
        // in phpBB2 passwords were used exactly as they were sent, with addslashes applied
        $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
        $password_old_format = addslashes($password_old_format);
        $password_new_format = $this->request->variable('password', '', true);
        if ($super_globals_disabled)
        {
            $this->request->disable_super_globals();
        }
        if ($password == $password_new_format)
        {
            if (!function_exists('utf8_to_cp1252'))
            {
                include($this->phpbb_root_path . 'includes/utf/data/recode_basic.' . $this->php_ext);
            }
            if ($this->helper->string_compare(md5($password_old_format), $hash) || $this->helper->string_compare(md5(\utf8_to_cp1252($password_old_format)), $hash)
                || $this->salted_md5->check(md5($password_old_format), $hash) === true
                || $this->salted_md5->check(md5(\utf8_to_cp1252($password_old_format)), $hash) === true)
            {
                return true;
            }
        }
        return false;
    }
}