SMF actually concatenates the lowercase username and password...

This commit is contained in:
Travis Burtrum 2016-08-12 02:18:10 -04:00
parent d42a2a32fd
commit 55bec5e5ea

View File

@ -42,13 +42,13 @@ after_initialize do
def self.check_smf(password, user, hash)
sha1 = Digest::SHA1.new
sha1.update user + password
sha1.update user.downcase + password
hash == sha1.hexdigest
end
#def self.check_smf_scrypt(password, user, hash)
# sha1 = Digest::SHA1.new
# sha1.update user + password
# sha1.update user.downcase + password
# begin
# SCrypt::Password.new(hash) == sha1.hexdigest
# rescue