From 360e2e6342499cc2fc071cc8a8c1729ca3cd3460 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite
Date: Sun, 15 Apr 2018 11:12:32 +0200
Subject: [PATCH] Revert removal of legacy_password column

https://github.com/friendica/friendica/pull/4782#issuecomment-380978218
---
 src/Model/User.php | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/Model/User.php b/src/Model/User.php
index d66c73d7eb..2621897f4e 100644
--- a/src/Model/User.php
+++ b/src/Model/User.php
@@ -128,12 +128,22 @@ class User
 $user = self::getAuthenticationInfo($user_info);
 if (strpos($user['password'], '$') === false) {
+ //Legacy hash that has not been replaced by a new hash yet
 if (self::hashPasswordLegacy($password) === $user['password']) {
 self::updatePassword($user['uid'], $password);
+ return $user['uid'];
+ }
+ } elseif (!empty($user['legacy_password'])) {
+ //Legacy hash that has been double-hashed and not replaced by a new hash yet
+ //Warning: `legacy_password` is not necessary in sync with the content of `password`
+ if (password_verify(self::hashPasswordLegacy($password), $user['password'])) {
+ self::updatePassword($user['uid'], $password);
+ return $user['uid'];
 }
 } elseif (password_verify($password, $user['password'])) {
+ //New password hash
 if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
 self::updatePassword($user['uid'], $password);
 }
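Review bot: The new `elseif (!empty($user['legacy_password']))` branch is exclusive, so a row whose flag is stale (the added warning comment says it may not match `password`) never reaches the `password_verify($password, $user['password'])` branch, and a correct password is rejected. Whether that can happen depends on `updatePassword()`, which is outside this hunk: it should clear `legacy_password` in the same write that stores the new hash, and that is worth stating here, e.g. `// updatePassword() must reset legacy_password together with password, or the next login fails in this branch`. Falling through to the plain `password_verify()` check for flagged rows is not a safe alternative, because with a wrapped hash it would make the old legacy digest a password-equivalent. Separately, the unchanged legacy comparison in the first branch uses `===`; `hash_equals($user['password'], self::hashPasswordLegacy($password))` would be the constant-time form. The enclosing method starts and ends outside the hunk.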