From 2fd8fdbea22e53e201774e668c1975a8a3770ab9 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?= <duesterhus@woltlab.com>
Date: Mon, 14 Oct 2013 20:30:15 +0200
Subject: [PATCH] Fix legacy passwords which have a salt containing a colon

Closes #1540
---
 .../install/files/lib/util/PasswordUtil.class.php     | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/wcfsetup/install/files/lib/util/PasswordUtil.class.php b/wcfsetup/install/files/lib/util/PasswordUtil.class.php
index 453f831ee1..26fef06477 100644
--- a/wcfsetup/install/files/lib/util/PasswordUtil.class.php
+++ b/wcfsetup/install/files/lib/util/PasswordUtil.class.php
@@ -118,10 +118,13 @@ final class PasswordUtil {
 		$dbHash = substr($dbHash, strlen($type) + 1);
 		
 		// check for salt
-		$salt = '';
-		if (($pos = strrpos($dbHash, ':')) !== false) {
-			$salt = substr(substr($dbHash, $pos), 1);
-			$dbHash = substr($dbHash, 0, $pos);
+		$parts = explode(':', $dbHash, 2);
+		if (count($parts) == 2) {
+			list($dbHash, $salt) = $parts;
+		}
+		else {
+			$dbHash = $parts[0];
+			$salt = '';
 		}
 		
 		// compare hash
-- 
2.20.1