Merge pull request #4782 from Alkarex/fix-update-password
Fix update password rehash
This commit is contained in:
commit
6d2d15a80d
1 changed files with 11 additions and 1 deletions
|
@ -127,13 +127,23 @@ class User
|
||||||
{
|
{
|
||||||
$user = self::getAuthenticationInfo($user_info);
|
$user = self::getAuthenticationInfo($user_info);
|
||||||
|
|
||||||
if ($user['legacy_password']) {
|
if (strpos($user['password'], '$') === false) {
|
||||||
|
//Legacy hash that has not been replaced by a new hash yet
|
||||||
|
if (self::hashPasswordLegacy($password) === $user['password']) {
|
||||||
|
self::updatePassword($user['uid'], $password);
|
||||||
|
|
||||||
|
return $user['uid'];
|
||||||
|
}
|
||||||
|
} elseif (!empty($user['legacy_password'])) {
|
||||||
|
//Legacy hash that has been double-hashed and not replaced by a new hash yet
|
||||||
|
//Warning: `legacy_password` is not necessary in sync with the content of `password`
|
||||||
if (password_verify(self::hashPasswordLegacy($password), $user['password'])) {
|
if (password_verify(self::hashPasswordLegacy($password), $user['password'])) {
|
||||||
self::updatePassword($user['uid'], $password);
|
self::updatePassword($user['uid'], $password);
|
||||||
|
|
||||||
return $user['uid'];
|
return $user['uid'];
|
||||||
}
|
}
|
||||||
} elseif (password_verify($password, $user['password'])) {
|
} elseif (password_verify($password, $user['password'])) {
|
||||||
|
//New password hash
|
||||||
if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
|
if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
|
||||||
self::updatePassword($user['uid'], $password);
|
self::updatePassword($user['uid'], $password);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue