Friendica/friendica-github
1
0
Fork 0
mirror of https://github.com/friendica/friendica synced 2025-04-25 15:50:10 +00:00
Code Issues Projects Releases Packages Wiki Activity

Switch to User::authenticate

Browse source 
- Removed hash('whirlpool') to check password
This commit is contained in:
Hypolite Petovan 2017-11-26 14:46:08 -05:00
parent 483603e77c
commit ec6f5193e2
5 changed files with 46 additions and 62 deletions
Download patch file Download diff file Expand all files Collapse all files

5
src/Util/ExAuth.php
View file

@ -37,6 +37,7 @@ namespace Friendica\Util;
use Friendica\Core\Config;
use Friendica\Core\PConfig;
use Friendica\Database\DBM;
use Friendica\Model\User;
use dba;
require_once 'include/dba.php';
@ -217,8 +218,8 @@ class ExAuth
$aUser = dba::select('user', ['uid', 'password'], ['nickname' => $sUser], ['limit' => 1]);
if (DBM::is_result($aUser)) {
$uid = $aUser['uid'];
$Error = $aUser['password'] != hash('whirlpool', $aCommand[3]);
$uid = User::authenticate($aUser, $aCommand[3]);
$Error = $uid === false;
} else {
$this->writeLog(LOG_WARNING, 'user not found: ' . $sUser);
$Error = true;