Serialize Xenforo hash before put it into table.

- Fix #417
2025-02-01 12:31:29 +01:00 · 2016-01-09 06:13:47 +07:00 · 2016-01-09 06:13:47 +07:00 · b380893847
commit b380893847
parent 642a40724b
2 changed files with 13 additions and 5 deletions
--- a/src/main/java/fr/xephi/authme/datasource/MySQL.java
+++ b/src/main/java/fr/xephi/authme/datasource/MySQL.java
@ -496,10 +496,12 @@ public class MySQL implements DataSource {
                rs = pst.executeQuery();
                if (rs.next()) {
                    int id = rs.getInt(columnID);
-                    pst2 = con.prepareStatement("INSERT INTO xf_user_authenticate (user_id, scheme_class, data) VALUES (?,?,?);");
+                    sql = "INSERT INTO xf_user_authenticate (user_id, scheme_class, data) VALUES (?,?,?)";
+                    pst2 = con.prepareStatement(sql);
                    pst2.setInt(1, id);
-                    pst2.setString(2, "XenForo_Authentication_Core12");
-                    byte[] bytes = auth.getPassword().getHash().getBytes();
+                    pst2.setString(2, XFBCRYPT.SCHEME_CLASS);
+                    String serializedHash = XFBCRYPT.serializeHash(auth.getPassword().getHash());
+                    byte[] bytes = serializedHash.getBytes();
                    Blob blob = con.createBlob();
                    blob.setBytes(1, bytes);
                    pst2.setBlob(3, blob);
@ -554,7 +556,8 @@ public class MySQL implements DataSource {
                    // Insert password in the correct table
                    sql = "UPDATE xf_user_authenticate SET data=? WHERE " + columnID + "=?;";
                    PreparedStatement pst2 = con.prepareStatement(sql);
-                    byte[] bytes = password.getHash().getBytes();
+                    String serializedHash = XFBCRYPT.serializeHash(password.getHash());
+                    byte[] bytes = serializedHash.getBytes();
                    Blob blob = con.createBlob();
                    blob.setBytes(1, bytes);
                    pst2.setBlob(1, blob);
@ -564,7 +567,7 @@ public class MySQL implements DataSource {
                    // ...
                    sql = "UPDATE xf_user_authenticate SET scheme_class=? WHERE " + columnID + "=?;";
                    pst2 = con.prepareStatement(sql);
-                    pst2.setString(1, "XenForo_Authentication_Core12");
+                    pst2.setString(1, XFBCRYPT.SCHEME_CLASS);
                    pst2.setInt(2, id);
                    pst2.executeUpdate();
                    pst2.close();
--- a/src/main/java/fr/xephi/authme/security/crypts/XFBCRYPT.java
+++ b/src/main/java/fr/xephi/authme/security/crypts/XFBCRYPT.java
@ -4,6 +4,7 @@ import java.util.regex.Matcher;
 import java.util.regex.Pattern;

 public class XFBCRYPT extends BCRYPT {
+    public static final String SCHEME_CLASS = "XenForo_Authentication_Core12";
    private static final Pattern HASH_PATTERN = Pattern.compile("\"hash\";s.*\"(.*)?\"");

    @Override
@ -19,4 +20,8 @@ public class XFBCRYPT extends BCRYPT {
        }
        return "*"; // what?
    }
+
+    public static String serializeHash(String hash) {
+        return "a:1:{s:4:\"hash\";s:" + hash.length() + ":\""+hash+"\";}";
+    }
 }