From 26e0ed8fd646450b492ccc88985880eec16fdcb3 Mon Sep 17 00:00:00 2001
From: plegall <plg@piwigo.org>
Date: Fri, 2 Nov 2012 14:39:01 +0000
Subject: feature 2727: improved backward compatibility with ['pass_convert']

git-svn-id: http://piwigo.org/svn/trunk@18890 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 include/functions_user.inc.php | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 0ba720167..60bdcd459 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -1133,10 +1133,17 @@ function pwg_password_verify($password, $hash, $user_id=null)
 {
   global $conf, $pwg_hasher;
 
-  // If the hash is still md5...
-  if (strlen($hash) <= 32)
+  // If the password has not been hashed with the current algorithm.
+  if (strpos('$P', $hash) !== 0)
   {
-    $check = ($hash == md5($password));
+    if (!empty($conf['pass_convert']))
+    {
+      $check = ($hash == $conf['pass_convert']($password));
+    }
+    else
+    {
+      $check = ($hash == md5($password));
+    }
     
     if ($check and isset($user_id) and !$conf['external_authentification'])
     {
-- 
cgit v1.2.3