Fix legacy passwords which have a salt containing a colon

Closes #1540

diff --git a/wcfsetup/install/files/lib/util/PasswordUtil.class.php b/wcfsetup/install/files/lib/util/PasswordUtil.class.php
index 453f831ee105062f11ad65111e09df83658970c6..26fef06477d51b1c38a95258f473dc924ee04b3d 100644 (file)
--- a/wcfsetup/install/files/lib/util/PasswordUtil.class.php
+++ b/wcfsetup/install/files/lib/util/PasswordUtil.class.php
@@ -118,10 +118,13 @@ final class PasswordUtil {
                $dbHash = substr($dbHash, strlen($type) + 1);
                
                // check for salt
-               $salt = '';
-               if (($pos = strrpos($dbHash, ':')) !== false) {
-                       $salt = substr(substr($dbHash, $pos), 1);
-                       $dbHash = substr($dbHash, 0, $pos);
+               $parts = explode(':', $dbHash, 2);
+               if (count($parts) == 2) {
+                       list($dbHash, $salt) = $parts;
+               }
+               else {
+                       $dbHash = $parts[0];
+                       $salt = '';
                }
                
                // compare hash