only update hash if password matches, fixes #1479

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
Michael Kaufmann (d00p)
2015-01-31 12:51:20 +01:00
parent 7680cd441c
commit 4d60b19194


@@ -60,19 +60,20 @@ function validatePasswordLogin($userinfo = null, $password = null, $table = 'pan
} }
} }
// check for update of hash if ($pwd_hash == $pwd_check) {
if ($update_hash) {
$upd_stmt = Database::prepare(" // check for update of hash
UPDATE " . $table . " SET `password` = :newpasswd WHERE `" . $uid . "` = :uid if ($update_hash) {
"); $upd_stmt = Database::prepare("
$params = array ( UPDATE " . $table . " SET `password` = :newpasswd WHERE `" . $uid . "` = :uid
");
$params = array (
'newpasswd' => makeCryptPassword($password), 'newpasswd' => makeCryptPassword($password),
'uid' => $userinfo[$uid] 'uid' => $userinfo[$uid]
); );
Database::pexecute($upd_stmt, $params); Database::pexecute($upd_stmt, $params);
} }
if ($pwd_hash == $pwd_check) {
return true; return true;
} }
return false; return false;
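Review bot: The guard that now wraps the hash update, `if ($pwd_hash == $pwd_check) {`, still compares the two hash strings with loose `==`, which is neither type-strict nor constant-time. PHP compares two numeric-looking strings numerically under `==`, so digests of the form `0e` followed only by digits can compare equal without being identical. Because this check now also decides whether `makeCryptPassword($password)` is written back, a false match would both accept the login and overwrite the stored hash. Assuming both values are always strings at this point, I would change the line to `if (hash_equals($pwd_hash, $pwd_check)) {` (PHP 5.6+), or at minimum use `===` on older runtimes. validatePasswordLogin starts above this hunk and its closing brace is below it, so how `$pwd_hash`, `$pwd_check`, `$table` and `$uid` are produced cannot be checked from here; the last two are concatenated into the UPDATE as identifiers and should only ever come from fixed internal values.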