only update hash if password matches, fixes #1479

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>

lib/functions/validate/function.validatePasswordLogin.php

@@ -60,6 +60,8 @@ function validatePasswordLogin($userinfo = null, $password = null, $table = 'pan
 		}
 	}
 
+	if ($pwd_hash == $pwd_check) {
+
 		// check for update of hash
 		if ($update_hash) {
 			$upd_stmt = Database::prepare("
@@ -72,7 +74,6 @@ function validatePasswordLogin($userinfo = null, $password = null, $table = 'pan
 			Database::pexecute($upd_stmt, $params);
 		}
 
-	if ($pwd_hash == $pwd_check) {
 		return true;
 	}
 	return false;