Friendica/friendica-github
1
0
Fork 0
mirror of https://github.com/friendica/friendica synced 2025-04-27 05:50:10 +00:00
Code Issues Projects Releases Packages Wiki Activity

Switch to User::authenticate

Browse source 
- Removed hash('whirlpool') to check password
This commit is contained in:
Hypolite Petovan 2017-11-26 14:46:08 -05:00
parent 483603e77c
commit ec6f5193e2
5 changed files with 46 additions and 62 deletions
Download patch file Download diff file Expand all files Collapse all files

9
mod/settings.php
View file

@ -9,6 +9,7 @@ use Friendica\Core\Config;
use Friendica\Core\PConfig;
use Friendica\Database\DBM;
use Friendica\Model\GlobalContact;
use Friendica\Model\User;
require_once 'include/group.php';
@ -371,7 +372,6 @@ function settings_post(App $a) {
$newpass = $_POST['password'];
$confirm = $_POST['confirm'];
$oldpass = hash('whirlpool', $_POST['opassword']);
$err = false;
if ($newpass != $confirm) {
@ -386,8 +386,7 @@ function settings_post(App $a) {
// check if the old password was supplied correctly before
// changing it to the new value
$r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user()));
if ($oldpass != $r[0]['password']) {
if (User::authenticate(intval(local_user()), $_POST['opassword'])) {
notice(t('Wrong password.') . EOL);
$err = true;
}
@ -501,9 +500,7 @@ function settings_post(App $a) {
if ($email != $a->user['email']) {
$email_changed = true;
// check for the correct password
$r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user()));
$password = hash('whirlpool', $_POST['mpassword']);
if ($password != $r[0]['password']) {
if (!User::authenticate(intval(local_user()), $_POST['mpassword'])) {
$err .= t('Wrong Password') . EOL;
$email = $a->user['email'];
}