Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- public function xf(){
- global $db;
- $login = $this->login;
- $postPass = $this->pass;
- $q0 = $db->select("SELECT user_id,username from xf_user WHERE username='$login'");
- if(count($q0)==0) return false;
- $id = $q0[0]['user_id'];
- $q = $db->select("SELECT scheme_class,data FROM xf_user_authenticate WHERE user_id='$id'");
- if(count($q)==0) return false;
- if($q[0]['scheme_class']==='XenForo_Authentication_Core') {
- $salt = substr($q[0]['data'],105,64);
- $realPass = substr($q[0]['data'],22,64);
- } else {
- $salt = false;
- $realPass = substr($q[0]['data'],22,60);
- }
- $cryptPass = hash_xf($realPass,$postPass,$salt);
- if(!strcmp($realPass,$cryptPass) == 0 || !$realPass) return false;
- else return $q0[0]['username'];
- }
- function hash_xf($realPass, $postPass, $salt) {
- if($salt!==false) {
- return $cryptPass = hash('sha256', hash('sha256', $postPass) . $salt);
- }
- $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
- $cryptPass = '*0';
- if (substr($realPass, 0, 2) == $cryptPass) $cryptPass = '*1';
- $id = substr($realPass, 0, 3);
- # We use "$P$", phpBB3 uses "$H$" for the same thing
- if ($id != '$P$' && $id != '$H$') return $cryptPass = crypt($postPass, $realPass);
- $count_log2 = strpos($itoa64, $realPass[3]);
- if ($count_log2 < 7 || $count_log2 > 30) return $cryptPass = crypt($postPass, $realPass);
- $count = 1 << $count_log2;
- $salt = substr($realPass, 4, 8);
- if (strlen($salt) != 8) return $cryptPass = crypt($postPass, $realPass);
- $hash = md5($salt . $postPass, TRUE);
- do {
- $hash = md5($hash . $postPass, TRUE);
- } while (--$count);
- $cryptPass = substr($realPass, 0, 12);
- $encode64 = '';
- $i = 0;
- do {
- $value = ord($hash[$i++]);
- $encode64 .= $itoa64[$value & 0x3f];
- if ($i < 16) $value |= ord($hash[$i]) << 8;
- $encode64 .= $itoa64[($value >> 6) & 0x3f];
- if ($i++ >= 16) break;
- if ($i < 16) $value |= ord($hash[$i]) << 16;
- $encode64 .= $itoa64[($value >> 12) & 0x3f];
- if ($i++ >= 16) break;
- $encode64 .= $itoa64[($value >> 18) & 0x3f];
- } while ($i < 16);
- $cryptPass .= $encode64;
- if ($cryptPass[0] == '*') $cryptPass = crypt($postPass, $realPass);
- return $cryptPass;
- }
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement