From aa8a353c3825dd9da7e4838c863db6d23ef20013 Mon Sep 17 00:00:00 2001 From: Deon George Date: Tue, 26 Apr 2011 11:27:32 +1000 Subject: [PATCH] SF Bug #2997552 - Unable to verify password using SMD5 scheme --- lib/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/functions.php b/lib/functions.php index 2096bf9..6ccd0d0 100644 --- a/lib/functions.php +++ b/lib/functions.php @@ -2237,7 +2237,7 @@ function password_check($cryptedpassword,$plainpassword) { # Check php mhash support before using it if (function_exists('mhash')) { $hash = base64_decode($cryptedpassword); - $salt = substr($hash,-4); + $salt = substr($hash,16); $new_hash = base64_encode(mhash(MHASH_MD5,$plainpassword.$salt).$salt); if (strcmp($cryptedpassword,$new_hash) == 0)