Here's the same bug, older than dirt:
http://www.simplemachines.org/community/index.php?topic=96927.0
It looks like the problem might be this in the LogInOut.php module, where it potentially alters the password before hashing it:
$sha_passwd = sha1(strtolower($user_settings['member_name']) . un_htmlspecialchars($_POST['passwrd']));
but then other places are inconsistent, like Profile.php, where in the password-reset function we see it's missing the "un_htmlspecialchars" when hashing:
if (!$good_password && $user_info['passwd'] != sha1(strtolower($cur_profile['member_name']) . $_POST['oldpasswrd']))
    $post_errors[] = 'bad_password';
What does that blue function do?:
Syntax
void un_htmlspecialchars (string $text)
Parameter $text
Expected type: String
Description: string to have htmlspecialchars removed.
Notes
removes the base entities (&lt;, &quot;, etc.) from text.
should be used instead of html_entity_decode for PHP version compatibility reasons.
additionally converts &nbsp; and &#039;.
I have had similar headaches with buggy password managers and such, when using type-able characters such as <, >, that they get interpreted, stripped, or truncated (or even better, put into HTML raw without converting to &gt; which breaks the HTML.)
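The mismatch described in the post above, as an added example that is not part of the original post or of SMF's code: it hashes the same submitted string the way each quoted line does and reports when the two results differ. `decode_entities_standin` is a hypothetical stand-in for `un_htmlspecialchars` built from the documentation quoted above, and the member name and passwords are constructed samples.

```php
<?php
// Added illustration; not SMF source code.

// Hypothetical stand-in for SMF's un_htmlspecialchars(), covering the
// entities its quoted documentation lists. strtr() with an array makes a
// single pass, so "&amp;lt;" becomes "&lt;" and is not decoded twice.
function decode_entities_standin(string $text): string
{
    return strtr($text, [
        '&amp;' => '&', '&lt;' => '<', '&gt;' => '>',
        '&quot;' => '"', '&#039;' => "'", '&nbsp;' => ' ',
    ]);
}

// Hash as built in the LogInOut.php line quoted above.
function login_hash(string $member, string $posted): string
{
    return sha1(strtolower($member) . decode_entities_standin($posted));
}

// Hash as built in the Profile.php line quoted above (no decoding).
function profile_hash(string $member, string $posted): string
{
    return sha1(strtolower($member) . $posted);
}

// Constructed sample values, as they might arrive in $_POST (assumption).
$member  = 'Alice';
$samples = ['correct horse', 'p&lt;ss&gt;word', 'rock&amp;roll', 'it&#039;s'];

foreach ($samples as $posted) {
    // The two paths only agree when decoding leaves the string unchanged.
    $agree = hash_equals(login_hash($member, $posted), profile_hash($member, $posted));
    printf("%-16s %s\n", $posted, $agree ? 'paths agree' : 'paths DISAGREE');
}
```

Routing every password comparison through one shared hashing helper keeps the pre-hash transformation identical on all paths, which removes this class of inconsistency.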