From 26e0ed8fd646450b492ccc88985880eec16fdcb3 Mon Sep 17 00:00:00 2001 From: plegall Date: Fri, 2 Nov 2012 14:39:01 +0000 Subject: feature 2727: improved backward compatibility with ['pass_convert'] git-svn-id: http://piwigo.org/svn/trunk@18890 68402e56-0260-453c-a942-63ccdbb3a9ee --- include/functions_user.inc.php | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index 0ba720167..60bdcd459 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -1133,10 +1133,17 @@ function pwg_password_verify($password, $hash, $user_id=null) { global $conf, $pwg_hasher; - // If the hash is still md5... - if (strlen($hash) <= 32) + // If the password has not been hashed with the current algorithm. + if (strpos('$P', $hash) !== 0) { - $check = ($hash == md5($password)); + if (!empty($conf['pass_convert'])) + { + $check = ($hash == $conf['pass_convert']($password)); + } + else + { + $check = ($hash == md5($password)); + } if ($check and isset($user_id) and !$conf['external_authentification']) { -- cgit v1.2.3