From: Tim Düsterhus <duesterhus@woltlab.com>
Date: Mon, 14 Oct 2013 18:30:15 +0000 (+0200)
Subject: Fix legacy passwords which have a salt containing a colon
X-Git-Tag: 2.0.0_Beta_11~39^2
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=2fd8fdbea22e53e201774e668c1975a8a3770ab9;p=GitHub%2FWoltLab%2FWCF.git

Fix legacy passwords which have a salt containing a colon

Closes #1540
---

diff --git a/wcfsetup/install/files/lib/util/PasswordUtil.class.php b/wcfsetup/install/files/lib/util/PasswordUtil.class.php
index 453f831ee1..26fef06477 100644
--- a/wcfsetup/install/files/lib/util/PasswordUtil.class.php
+++ b/wcfsetup/install/files/lib/util/PasswordUtil.class.php
@@ -118,10 +118,13 @@ final class PasswordUtil {
 		$dbHash = substr($dbHash, strlen($type) + 1);
 		
 		// check for salt
-		$salt = '';
-		if (($pos = strrpos($dbHash, ':')) !== false) {
-			$salt = substr(substr($dbHash, $pos), 1);
-			$dbHash = substr($dbHash, 0, $pos);
+		$parts = explode(':', $dbHash, 2);
+		if (count($parts) == 2) {
+			list($dbHash, $salt) = $parts;
+		}
+		else {
+			$dbHash = $parts[0];
+			$salt = '';
 		}
 		
 		// compare hash