Merge pull request #4782 from Alkarex/fix-update-password
Fix update password rehash
This commit is contained in:
		
				commit
				
					
						6d2d15a80d
					
				
			
		
					 1 changed files with 11 additions and 1 deletions
				
			
		|  | @ -127,13 +127,23 @@ class User | ||||||
| 	{ | 	{ | ||||||
| 		$user = self::getAuthenticationInfo($user_info); | 		$user = self::getAuthenticationInfo($user_info); | ||||||
| 
 | 
 | ||||||
| 		if ($user['legacy_password']) { | 		if (strpos($user['password'], '$') === false) { | ||||||
|  | 			//Legacy hash that has not been replaced by a new hash yet
 | ||||||
|  | 			if (self::hashPasswordLegacy($password) === $user['password']) { | ||||||
|  | 				self::updatePassword($user['uid'], $password); | ||||||
|  | 
 | ||||||
|  | 				return $user['uid']; | ||||||
|  | 			} | ||||||
|  | 		} elseif (!empty($user['legacy_password'])) { | ||||||
|  | 			//Legacy hash that has been double-hashed and not replaced by a new hash yet
 | ||||||
|  | 			//Warning: `legacy_password` is not necessary in sync with the content of `password`
 | ||||||
| 			if (password_verify(self::hashPasswordLegacy($password), $user['password'])) { | 			if (password_verify(self::hashPasswordLegacy($password), $user['password'])) { | ||||||
| 				self::updatePassword($user['uid'], $password); | 				self::updatePassword($user['uid'], $password); | ||||||
| 
 | 
 | ||||||
| 				return $user['uid']; | 				return $user['uid']; | ||||||
| 			} | 			} | ||||||
| 		} elseif (password_verify($password, $user['password'])) { | 		} elseif (password_verify($password, $user['password'])) { | ||||||
|  | 			//New password hash
 | ||||||
| 			if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) { | 			if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) { | ||||||
| 				self::updatePassword($user['uid'], $password); | 				self::updatePassword($user['uid'], $password); | ||||||
| 			} | 			} | ||||||
|  |  | ||||||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue