Fix the TPhpass algorithm

The salt extraction used `mb_strpos` where `mb_substr` needs to be used.

see c586e46e62dd1d714b7c7db7911eb6cf5d96cc7e

diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/TPhpass.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/TPhpass.class.php
index 54dd7bdb55e428146b7af5a54d863f2f7467a5e0..87a3ca8d797b6db8873da2f4e7fe72450b92be06 100644 (file)
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/TPhpass.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/TPhpass.class.php
@@ -36,7 +36,7 @@ trait TPhpass
         }
 
         $count = 1 << $count_log2;
-        $salt = \mb_strpos($settings, 4, 8, '8bit');
+        $salt = \mb_substr($settings, 4, 8, '8bit');
 
         if (\mb_strlen($salt, '8bit') != 8) {
             return $output;