Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
100.00% covered (success)
100.00%
26 / 26
100.00% covered (success)
100.00%
5 / 5
CRAP
100.00% covered (success)
100.00%
1 / 1
md5_phpbb2
100.00% covered (success)
100.00%
26 / 26
100.00% covered (success)
100.00%
5 / 5
16
100.00% covered (success)
100.00%
1 / 1
 __construct
100.00% covered (success)
100.00%
5 / 5
100.00% covered (success)
100.00%
1 / 1
1
 get_prefix
100.00% covered (success)
100.00%
1 / 1
100.00% covered (success)
100.00%
1 / 1
1
 is_legacy
100.00% covered (success)
100.00%
1 / 1
100.00% covered (success)
100.00%
1 / 1
1
 hash
100.00% covered (success)
100.00%
1 / 1
100.00% covered (success)
100.00%
1 / 1
1
 check
100.00% covered (success)
100.00%
18 / 18
100.00% covered (success)
100.00%
1 / 1
12
1<?php
2/**
3*
4* This file is part of the phpBB Forum Software package.
5*
6* @copyright (c) phpBB Limited <https://www.phpbb.com>
7* @license GNU General Public License, version 2 (GPL-2.0)
8*
9* For full copyright and license information, please see
10* the docs/CREDITS.txt file.
11*
12*/
13
14namespace phpbb\passwords\driver;
15
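/**
* Verification-only driver for password hashes carried over from phpBB2.
*
* phpBB2 hashed the password exactly as it was submitted (with addslashes
* applied) using MD5. MD5 is not suitable for password storage, so this driver
* reports itself as legacy and refuses to create new hashes; it can only check
* existing ones.
*/
class md5_phpbb2 extends base
{
    const PREFIX = '$md5_phpbb2$';

    /** @var \phpbb\request\request phpBB request object */
    protected $request;

    /** @var \phpbb\passwords\driver\salted_md5 */
    protected $salted_md5;

    /** @var \phpbb\passwords\driver\helper */
    protected $helper;

    /** @var string phpBB root path */
    protected $phpbb_root_path;

    /** @var string php file extension */
    protected $php_ext;

    /**
    * Constructor of passwords driver object
    *
    * @param \phpbb\request\request $request phpBB request object
    * @param \phpbb\passwords\driver\salted_md5 $salted_md5 Salted md5 driver
    * @param \phpbb\passwords\driver\helper $helper Driver helper
    * @param string $phpbb_root_path phpBB root path
    * @param string $php_ext PHP file extension
    */
    public function __construct($request, salted_md5 $salted_md5, helper $helper, $phpbb_root_path, $php_ext)
    {
        $this->request = $request;
        $this->salted_md5 = $salted_md5;
        $this->helper = $helper;
        $this->phpbb_root_path = $phpbb_root_path;
        $this->php_ext = $php_ext;
    }

    /**
    * {@inheritdoc}
    */
    public function get_prefix()
    {
        return self::PREFIX;
    }

    /**
    * {@inheritdoc}
    *
    * Always true: this driver exists only for hashes migrated from phpBB2.
    */
    public function is_legacy()
    {
        return true;
    }

    /**
    * {@inheritdoc}
    *
    * Always returns false. New MD5 password hashes must never be created;
    * the driver is limited to verifying existing ones.
    */
    public function hash($password, $user_row = '')
    {
        // Do not support hashing
        return false;
    }

    /**
    * {@inheritdoc}
    *
    * The digest is computed from the raw 'password' request value, not from
    * $password. $password only has to be identical to the request variable
    * as returned by the request object, which ties the raw value to the
    * password the caller is actually verifying.
    *
    * @param string $password Password as seen by the caller
    * @param string $hash Stored hash, expected to be 32 or 34 characters long
    * @param array $user_row Unused by this driver
    *
    * @return bool True if the raw request password matches the stored hash
    */
    public function check($password, $hash, $user_row = array())
    {
        // 32 is the length of a hex MD5 digest; 34 presumably matches the
        // format handled by the salted_md5 driver -- confirm there.
        $hash_length = strlen($hash);
        if ($hash_length !== 32 && $hash_length !== 34)
        {
            return false;
        }

        // enable super globals to get literal value
        // this is needed to prevent unicode normalization
        $super_globals_disabled = $this->request->super_globals_disabled();
        if ($super_globals_disabled)
        {
            $this->request->enable_super_globals();
        }

        // in phpBB2 passwords were used exactly as they were sent, with addslashes applied
        // An array-valued parameter (password[]=...) is treated as absent
        // instead of being cast to the literal string "Array".
        $password_old_format = '';
        if (isset($_REQUEST['password']) && is_scalar($_REQUEST['password']))
        {
            $password_old_format = (string) $_REQUEST['password'];
        }
        $password_old_format = addslashes($password_old_format);
        $password_new_format = $this->request->variable('password', '', true);

        // Restore the previous state right after the raw value has been read
        if ($super_globals_disabled)
        {
            $this->request->disable_super_globals();
        }

        // Strict comparison: with == two numeric-looking strings such as
        // "1e3" and "1000" compare equal, which would let a password that
        // differs from the request value pass this gate.
        if ((string) $password !== (string) $password_new_format)
        {
            return false;
        }

        if (!function_exists('utf8_to_cp1252'))
        {
            // Path is built from the constructor-supplied root path and
            // extension only; no request data is involved.
            include($this->phpbb_root_path . 'includes/utf/data/recode_basic.' . $this->php_ext);
        }

        // phpBB2 may have hashed the password as UTF-8 or as CP1252 bytes
        $digest = md5($password_old_format);
        $digest_cp1252 = md5(\utf8_to_cp1252($password_old_format));

        // Direct digest match first, then the same digests through the
        // salted_md5 driver. Comparison is delegated to the helper
        // (presumably constant-time -- confirm in helper::string_compare).
        return $this->helper->string_compare($digest, $hash)
            || $this->helper->string_compare($digest_cp1252, $hash)
            || $this->salted_md5->check($digest, $hash) === true
            || $this->salted_md5->check($digest_cp1252, $hash) === true;
    }
}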