Merge pull request #5060 from annando/item-delete

[friendica.git] / src / Model / User.php

diff --git a/src/Model/User.php b/src/Model/User.php
index d66c73d7eb05dfea0f2a343df26873da24bbbcb9..41d26ee19d66f4c27d3b3a885f086564d9e466c0 100644 (file)
--- a/src/Model/User.php
+++ b/src/Model/User.php
@@ -128,12 +128,22 @@ class User
                $user = self::getAuthenticationInfo($user_info);
 
                if (strpos($user['password'], '$') === false) {
+                       //Legacy hash that has not been replaced by a new hash yet
                        if (self::hashPasswordLegacy($password) === $user['password']) {
                                self::updatePassword($user['uid'], $password);
 
+                               return $user['uid'];
+                       }
+               } elseif (!empty($user['legacy_password'])) {
+                       //Legacy hash that has been double-hashed and not replaced by a new hash yet
+                       //Warning: `legacy_password` is not necessary in sync with the content of `password`
+                       if (password_verify(self::hashPasswordLegacy($password), $user['password'])) {
+                               self::updatePassword($user['uid'], $password);
+
                                return $user['uid'];
                        }
                } elseif (password_verify($password, $user['password'])) {
+                       //New password hash
                        if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
                                self::updatePassword($user['uid'], $password);
                        }
@@ -248,6 +258,10 @@ class User
         */
        public static function hashPassword($password)
        {
+               if (!trim($password)) {
+                       throw new Exception(L10n::t('Password can\'t be empty'));
+               }
+
                return password_hash($password, PASSWORD_DEFAULT);
        }