Fix having an incorrect parameter if a hash does not contains a salt

Fixes #4416

diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Ipb2.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Ipb2.class.php
index d33ced59614d2fb3f6000e194911f747ddd76269..3b29d8c81eef516fb35fb3e3d706e22756e0c0eb 100644 (file)
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Ipb2.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Ipb2.class.php
@@ -21,7 +21,9 @@ final class Ipb2 implements IPasswordAlgorithm
      */
     public function verify(string $password, string $hash): bool
     {
-        [$hash, $salt] = \explode(':', $hash, 2);
+        $parts = \explode(':', $hash, 2);
+        $hash = $parts[0];
+        $salt = $parts[1] ?? '';
 
         return \hash_equals($hash, $this->hashWithSalt($password, $salt));
     }

diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Ipb3.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Ipb3.class.php
index b9b1af38a03e85dad6a04de3cb4e166e1a5c0f6e..18c70aa90fcc28f4c128762fea35534ec62e0e24 100644 (file)
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Ipb3.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Ipb3.class.php
@@ -21,7 +21,9 @@ final class Ipb3 implements IPasswordAlgorithm
      */
     public function verify(string $password, string $hash): bool
     {
-        [$hash, $salt] = \explode(':', $hash, 2);
+        $parts = \explode(':', $hash, 2);
+        $hash = $parts[0];
+        $salt = $parts[1] ?? '';
 
         return \hash_equals($hash, $this->hashWithSalt($password, $salt));
     }

diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Joomla1.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Joomla1.class.php
index 415ce26c91db2caec03c8755155c2cad299360ac..edef893326af13bfe6bd5c9a9aea8af5bd6e5de1 100644 (file)
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Joomla1.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Joomla1.class.php
@@ -21,7 +21,9 @@ final class Joomla1 implements IPasswordAlgorithm
      */
     public function verify(string $password, string $hash): bool
     {
-        [$hash, $salt] = \explode(':', $hash, 2);
+        $parts = \explode(':', $hash, 2);
+        $hash = $parts[0];
+        $salt = $parts[1] ?? '';
 
         return \hash_equals($hash, $this->hashWithSalt($password, $salt));
     }

diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Joomla2.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Joomla2.class.php
index ea079836d65656f043f3c419b3903878c744e845..2bf2dd073f5ee075227a4b86f4cd7e1dbd906fab 100644 (file)
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Joomla2.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Joomla2.class.php
@@ -21,7 +21,9 @@ final class Joomla2 implements IPasswordAlgorithm
      */
     public function verify(string $password, string $hash): bool
     {
-        [$hash, $salt] = \explode(':', $hash, 2);
+        $parts = \explode(':', $hash, 2);
+        $hash = $parts[0];
+        $salt = $parts[1] ?? '';
 
         return \hash_equals($hash, $this->hashWithSalt($password, $salt));
     }

diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Joomla3.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Joomla3.class.php
index 10663f00b5c3cd3cd64a1c9feb41e9af95ef51ca..1647cef5e1bc68e9b12c2557a03a1856d38c7be4 100644 (file)
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Joomla3.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Joomla3.class.php
@@ -21,7 +21,9 @@ final class Joomla3 implements IPasswordAlgorithm
      */
     public function verify(string $password, string $hash): bool
     {
-        [$hash, $salt] = \explode(':', $hash, 2);
+        $parts = \explode(':', $hash, 2);
+        $hash = $parts[0];
+        $salt = $parts[1] ?? '';
 
         return \hash_equals($hash, $this->hashWithSalt($password, $salt));
     }

diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Mybb1.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Mybb1.class.php
index 43802dd7feeec3aeb66ff8d665c6d16a14bc36e9..a436b6fcbee0d7a75fbe5cab84ee8e6312cd1873 100644 (file)
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Mybb1.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Mybb1.class.php
@@ -21,7 +21,9 @@ final class Mybb1 implements IPasswordAlgorithm
      */
     public function verify(string $password, string $hash): bool
     {
-        [$hash, $salt] = \explode(':', $hash, 2);
+        $parts = \explode(':', $hash, 2);
+        $hash = $parts[0];
+        $salt = $parts[1] ?? '';
 
         return \hash_equals($hash, $this->hashWithSalt($password, $salt));
     }

diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Phpfox3.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Phpfox3.class.php
index 72ddf0505f07d102fc527b17b56197ffa0f69d05..b4d4ce9c0c24af7d54025a6625eb65c018693d28 100644 (file)
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Phpfox3.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Phpfox3.class.php
@@ -21,7 +21,9 @@ final class Phpfox3 implements IPasswordAlgorithm
      */
     public function verify(string $password, string $hash): bool
     {
-        [$hash, $salt] = \explode(':', $hash, 2);
+        $parts = \explode(':', $hash, 2);
+        $hash = $parts[0];
+        $salt = $parts[1] ?? '';
 
         return \hash_equals($hash, $this->hashWithSalt($password, $salt));
     }

diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Smf1.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Smf1.class.php
index 387fd2e5eb04980f350be42e738adf6204312971..298bd2ef0df4e1e6eb1ed4ea8919228312f8a647 100644 (file)
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Smf1.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Smf1.class.php
@@ -21,7 +21,9 @@ final class Smf1 implements IPasswordAlgorithm
      */
     public function verify(string $password, string $hash): bool
     {
-        [$hash, $salt] = \explode(':', $hash, 2);
+        $parts = \explode(':', $hash, 2);
+        $hash = $parts[0];
+        $salt = $parts[1] ?? '';
 
         return \hash_equals($hash, $this->hashWithSalt($password, $salt));
     }

diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Smf2.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Smf2.class.php
index 51eb596ab678ac5d75483513a7b4680e69cc9c1c..c419ed378d7dc3532129ea2742215378c6b21d64 100644 (file)
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Smf2.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Smf2.class.php
@@ -21,7 +21,9 @@ final class Smf2 implements IPasswordAlgorithm
      */
     public function verify(string $password, string $hash): bool
     {
-        [$hash, $salt] = \explode(':', $hash, 2);
+        $parts = \explode(':', $hash, 2);
+        $hash = $parts[0];
+        $salt = $parts[1] ?? '';
 
         return \hash_equals($hash, $this->hashWithSalt($password, $salt));
     }

diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb3.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb3.class.php
index ad902f0117fe54aa6840d7a055fa43139c57e83d..af61345112799c329e7243b4c95777dd0c8d0a07 100644 (file)
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb3.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb3.class.php
@@ -21,7 +21,9 @@ final class Vb3 implements IPasswordAlgorithm
      */
     public function verify(string $password, string $hash): bool
     {
-        [$hash, $salt] = \explode(':', $hash, 2);
+        $parts = \explode(':', $hash, 2);
+        $hash = $parts[0];
+        $salt = $parts[1] ?? '';
 
         return \hash_equals($hash, $this->hashWithSalt($password, $salt));
     }

diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb4.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb4.class.php
index f664787af08bc4d49b5a8e7afcf06cd296b59de8..a3cee6f805b4d43eb276952c209bf7bb83cfbe26 100644 (file)
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb4.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb4.class.php
@@ -21,7 +21,9 @@ final class Vb4 implements IPasswordAlgorithm
      */
     public function verify(string $password, string $hash): bool
     {
-        [$hash, $salt] = \explode(':', $hash, 2);
+        $parts = \explode(':', $hash, 2);
+        $hash = $parts[0];
+        $salt = $parts[1] ?? '';
 
         return \hash_equals($hash, $this->hashWithSalt($password, $salt));
     }

diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb5.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb5.class.php
index 64f0b07aae475451afcd040ebcc43b55604833cd..ca1afdaa6cb58ca6ecf77ad4baced6341585d9be 100644 (file)
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb5.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb5.class.php
@@ -21,7 +21,9 @@ final class Vb5 implements IPasswordAlgorithm
      */
     public function verify(string $password, string $hash): bool
     {
-        [$hash, $salt] = \explode(':', $hash, 2);
+        $parts = \explode(':', $hash, 2);
+        $hash = $parts[0];
+        $salt = $parts[1] ?? '';
 
         return \hash_equals($hash, $this->hashWithSalt($password, $salt));
     }

diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Wcf1.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Wcf1.class.php
index 4cf28d17a532d459a8833d386ad0832060414723..c97c882324cd61411734d091b7cd40bdbe71850d 100644 (file)
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Wcf1.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Wcf1.class.php
@@ -21,7 +21,9 @@ final class Wcf1 implements IPasswordAlgorithm
      */
     public function verify(string $password, string $hash): bool
     {
-        [$hash, $salt] = \explode(':', $hash, 2);
+        $parts = \explode(':', $hash, 2);
+        $hash = $parts[0];
+        $salt = $parts[1] ?? '';
 
         return \hash_equals($hash, $this->hashWithSalt($password, $salt));
     }

diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Wcf1e.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Wcf1e.class.php
index 2462b560c0bd60401d32f189cfcee58c649818b7..0fc9e4be0083bca42c6470a99a51704ef1ec6ca5 100644 (file)
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Wcf1e.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Wcf1e.class.php
@@ -56,7 +56,9 @@ final class Wcf1e implements IPasswordAlgorithm
      */
     public function verify(string $password, string $hash): bool
     {
-        [$hash, $salt] = \explode(':', $hash, 2);
+        $parts = \explode(':', $hash, 2);
+        $hash = $parts[0];
+        $salt = $parts[1] ?? '';
 
         return \hash_equals($hash, $this->hashWithSalt($password, $salt));
     }

diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Xf1.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Xf1.class.php
index d45ec31238bd09fc91f8c65d6c2de108f4098873..b1c82cf0b7334f2a7849bc869cbedcb22e4c9784 100644 (file)
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Xf1.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Xf1.class.php
@@ -21,7 +21,9 @@ final class Xf1 implements IPasswordAlgorithm
      */
     public function verify(string $password, string $hash): bool
     {
-        [$hash, $salt] = \explode(':', $hash, 2);
+        $parts = \explode(':', $hash, 2);
+        $hash = $parts[0];
+        $salt = $parts[1] ?? '';
 
         if (\hash_equals($hash, \sha1(\sha1($password) . $salt))) {
             return true;