X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FModel%2FUser.php;h=41d26ee19d66f4c27d3b3a885f086564d9e466c0;hb=ec626fb76cc139a20d4ace890fa3136f770e67e8;hp=d971d968b093bacdfb34942a880ce89c908be45c;hpb=da40c96e9a059e1f41ff62bdf7107c9dbfca6dbe;p=friendica.git

diff --git a/src/Model/User.php b/src/Model/User.php
index d971d968b0..41d26ee19d 100644
--- a/src/Model/User.php
+++ b/src/Model/User.php
@@ -127,13 +127,23 @@ class User
 	{
 		$user = self::getAuthenticationInfo($user_info);
 
-		if ($user['legacy_password']) {
+		if (strpos($user['password'], '$') === false) {
+			//Legacy hash that has not been replaced by a new hash yet
+			if (self::hashPasswordLegacy($password) === $user['password']) {
+				self::updatePassword($user['uid'], $password);
+
+				return $user['uid'];
+			}
+		} elseif (!empty($user['legacy_password'])) {
+			//Legacy hash that has been double-hashed and not replaced by a new hash yet
+			//Warning: `legacy_password` is not necessary in sync with the content of `password`
 			if (password_verify(self::hashPasswordLegacy($password), $user['password'])) {
 				self::updatePassword($user['uid'], $password);
 
 				return $user['uid'];
 			}
 		} elseif (password_verify($password, $user['password'])) {
+			//New password hash
 			if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
 				self::updatePassword($user['uid'], $password);
 			}
@@ -248,6 +258,10 @@ class User
 	 */
 	public static function hashPassword($password)
 	{
+		if (!trim($password)) {
+			throw new Exception(L10n::t('Password can\'t be empty'));
+		}
+
 		return password_hash($password, PASSWORD_DEFAULT);
 	}
 
@@ -615,9 +629,9 @@ class User
 		$body = deindent(L10n::t('
 			The login details are as follows:
 
-			Site Location:	%1$s
-			Login Name:		%2$s
-			Password:		%3$s
+			Site Location:	%3$s
+			Login Name:		%1$s
+			Password:		%5$s
 
 			You may change your password from your account "Settings" page after logging
 			in.
@@ -636,9 +650,9 @@ class User
 			If you are new and do not know anybody here, they may help
 			you to make some new and interesting friends.
 
-			If you ever want to delete your account, you can do so at %1$s/removeme
+			If you ever want to delete your account, you can do so at %3$s/removeme
 
-			Thank you and welcome to %4$s.'));
+			Thank you and welcome to %2$s.'));
 
 		$preamble = sprintf($preamble, $username, $sitename);
 		$body = sprintf($body, $email, $sitename, $siteurl, $username, $password);