From 129f6806f6c77622b295f08e03ebb3a4fbecc7d8 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sun, 8 Apr 2018 12:28:04 +0200 Subject: [PATCH] Fix update password rehash Fixes https://github.com/friendica/friendica/issues/4743 The logic for updating password was wrong: https://github.com/friendica/friendica/commit/b0a764b14c2f2798f7eb223e58d47530f80609c1#diff-1466bb1a0a37fe9f7cf52eda8f3b431aR150 --- src/Model/User.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/Model/User.php b/src/Model/User.php index 4ae43c3e11..abf4d1d3e4 100644 --- a/src/Model/User.php +++ b/src/Model/User.php @@ -127,18 +127,18 @@ class User { $user = self::getAuthenticationInfo($user_info); - if ($user['legacy_password']) { - if (password_verify(self::hashPasswordLegacy($password), $user['password'])) { - self::updatePassword($user['uid'], $password); - - return $user['uid']; - } - } elseif (password_verify($password, $user['password'])) { + if (password_verify($password, $user['password'])) { if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) { self::updatePassword($user['uid'], $password); } return $user['uid']; + } elseif (!empty($user['legacy_password']) || strpos($user['password'], '$') === false) { + if (self::hashPasswordLegacy($password) === $user['password']) { + self::updatePassword($user['uid'], $password); + + return $user['uid']; + } } throw new Exception(L10n::t('Login failed'));