From e32dbb77befeae58315544a8ecc38e505a42ea68 Mon Sep 17 00:00:00 2001
From: patdenice <patdenice@piwigo.org>
Date: Thu, 21 Nov 2013 22:23:59 +0000
Subject: Small bug on password hash verification with strpos function

git-svn-id: http://piwigo.org/svn/trunk@25633 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 include/functions_user.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'include/functions_user.inc.php')

diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 21844b290..962c42884 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -1148,7 +1148,7 @@ function pwg_password_verify($password, $hash, $user_id=null)
   global $conf, $pwg_hasher;
 
   // If the password has not been hashed with the current algorithm.
-  if (strpos('$P', $hash) !== 0)
+  if (strpos($hash, '$P') !== 0)
   {
     if (!empty($conf['pass_convert']))
     {
-- 
cgit v1.2.3