SMF actually concatenates the lowercase username and password...

2016-08-12 02:18:10 -04:00 · 2016-08-12 02:18:10 -04:00 · 55bec5e5ea
parent d42a2a32fd
commit 55bec5e5ea
1 changed files with 2 additions and 2 deletions
--- a/plugin.rb
+++ b/plugin.rb
@ -42,13 +42,13 @@ after_initialize do

        def self.check_smf(password, user, hash)
            sha1 = Digest::SHA1.new
-            sha1.update user + password
+            sha1.update user.downcase + password
            hash == sha1.hexdigest
        end

        #def self.check_smf_scrypt(password, user, hash)
        #    sha1 = Digest::SHA1.new
-        #    sha1.update user + password
+        #    sha1.update user.downcase + password
        #    begin
        #      SCrypt::Password.new(hash) == sha1.hexdigest
        #    rescue