Merge pull request #5193 from annando/dbstructure

[friendica.git] / src / Model / User.php

diff --git a/src/Model/User.php b/src/Model/User.php
index abf4d1d3e4d2ce8d486fee3d0d2586d83ce62c7a..39c544c3a8786f62053093ec1c4ff734d5eb4c4f 100644 (file)
--- a/src/Model/User.php
+++ b/src/Model/User.php
@@ -127,18 +127,28 @@ class User
        {
                $user = self::getAuthenticationInfo($user_info);
 
-               if (password_verify($password, $user['password'])) {
-                       if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
+               if (strpos($user['password'], '$') === false) {
+                       //Legacy hash that has not been replaced by a new hash yet
+                       if (self::hashPasswordLegacy($password) === $user['password']) {
                                self::updatePassword($user['uid'], $password);
-                       }
 
-                       return $user['uid'];
-               } elseif (!empty($user['legacy_password']) || strpos($user['password'], '$') === false) {
-                       if (self::hashPasswordLegacy($password) === $user['password']) {
+                               return $user['uid'];
+                       }
+               } elseif (!empty($user['legacy_password'])) {
+                       //Legacy hash that has been double-hashed and not replaced by a new hash yet
+                       //Warning: `legacy_password` is not necessary in sync with the content of `password`
+                       if (password_verify(self::hashPasswordLegacy($password), $user['password'])) {
                                self::updatePassword($user['uid'], $password);
 
                                return $user['uid'];
                        }
+               } elseif (password_verify($password, $user['password'])) {
+                       //New password hash
+                       if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
+                               self::updatePassword($user['uid'], $password);
+                       }
+
+                       return $user['uid'];
                }
 
                throw new Exception(L10n::t('Login failed'));
@@ -248,6 +258,10 @@ class User
         */
        public static function hashPassword($password)
        {
+               if (!trim($password)) {
+                       throw new Exception(L10n::t('Password can\'t be empty'));
+               }
+
                return password_hash($password, PASSWORD_DEFAULT);
        }
 
@@ -317,6 +331,7 @@ class User
                $confirm    = x($data, 'confirm')    ? trim($data['confirm'])            : '';
                $blocked    = x($data, 'blocked')    ? intval($data['blocked'])          : 0;
                $verified   = x($data, 'verified')   ? intval($data['verified'])         : 0;
+               $language   = x($data, 'language')   ? notags(trim($data['language'])) : 'en';
 
                $publish = x($data, 'profile_publish_reg') && intval($data['profile_publish_reg']) ? 1 : 0;
                $netpublish = strlen(Config::get('system', 'directory')) ? $publish : 0;
@@ -345,7 +360,7 @@ class User
                                $_SESSION['register'] = 1;
                                $_SESSION['openid'] = $openid_url;
 
-                               $openid = new LightOpenID;
+                               $openid = new LightOpenID($a->get_hostname());
                                $openid->identity = $openid_url;
                                $openid->returnUrl = System::baseUrl() . '/openid';
                                $openid->required = ['namePerson/friendly', 'contact/email', 'namePerson'];
@@ -452,6 +467,7 @@ class User
                        'sprvkey'  => $sprvkey,
                        'verified' => $verified,
                        'blocked'  => $blocked,
+                       'language' => $language,
                        'timezone' => 'UTC',
                        'register_date' => DateTimeFormat::utcNow(),
                        'default-location' => ''