diff options
| author | plegall <plg@piwigo.org> | 2012-11-02 14:39:01 +0000 |
|---|---|---|
| committer | plegall <plg@piwigo.org> | 2012-11-02 14:39:01 +0000 |
| commit | 26e0ed8fd646450b492ccc88985880eec16fdcb3 (patch) | |
| tree | e639068ebd34607f40418733d14dcb17620e7562 | |
| parent | a73846717f5c884e0eef0b5591ff7ad374375a0b (diff) | |
feature 2727: improved backward compatibility with ['pass_convert']
git-svn-id: http://piwigo.org/svn/trunk@18890 68402e56-0260-453c-a942-63ccdbb3a9ee
| -rw-r--r-- | include/functions_user.inc.php | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index 0ba720167..60bdcd459 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -1133,10 +1133,17 @@ function pwg_password_verify($password, $hash, $user_id=null) { global $conf, $pwg_hasher; - // If the hash is still md5... - if (strlen($hash) <= 32) + // If the password has not been hashed with the current algorithm. + if (strpos('$P', $hash) !== 0) { - $check = ($hash == md5($password)); + if (!empty($conf['pass_convert'])) + { + $check = ($hash == $conf['pass_convert']($password)); + } + else + { + $check = ($hash == md5($password)); + } if ($check and isset($user_id) and !$conf['external_authentification']) { |