maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

type-safe comparsion of md5-compatibility hash-validation

Browse Source 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2023-02-22 09:35:27 +01:00
parent 23f1f79eff
commit 6777fbf229
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/Froxlor/System/Crypt.php
View File

@@ -198,7 +198,7 @@ class Crypt
$update_hash = true; $update_hash = true;
} }
if ($pwd_hash == $pwd_check || password_verify($password, $pwd_hash)) { if ($pwd_hash === $pwd_check || password_verify($password, $pwd_hash)) {
// check for update of hash (only if our database is ready to handle the bigger string) // check for update of hash (only if our database is ready to handle the bigger string)
$is_ready = Froxlor::versionCompare2("0.9.33", Froxlor::getVersion()) <= 0; $is_ready = Froxlor::versionCompare2("0.9.33", Froxlor::getVersion()) <= 0;
if ((password_needs_rehash($pwd_hash, $algo) || $update_hash) && $is_ready) { if ((password_needs_rehash($pwd_hash, $algo) || $update_hash) && $is_ready) {