X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FUtil%2FExAuth.php;h=f4dc7c052beefa17b49e2648a2a3d9b81d60dda5;hb=7099a54b3d209bd5eb04613010ac3484563f0c45;hp=0769be2e66cf742bc4299fc1b0d219f5a1f41220;hpb=d5887f9f9a4793e9546c6f99e3f6ed9d1b7e3121;p=friendica.git

diff --git a/src/Util/ExAuth.php b/src/Util/ExAuth.php
index 0769be2e66..f4dc7c052b 100644
--- a/src/Util/ExAuth.php
+++ b/src/Util/ExAuth.php
@@ -37,6 +37,7 @@ namespace Friendica\Util;
 use Friendica\Core\Config;
 use Friendica\Core\PConfig;
 use Friendica\Database\DBM;
+use Friendica\Model\User;
 use dba;
 
 require_once 'include/dba.php';
@@ -217,8 +218,8 @@ class ExAuth
 
 			$aUser = dba::select('user', ['uid', 'password'], ['nickname' => $sUser], ['limit' => 1]);
 			if (DBM::is_result($aUser)) {
-				$uid = $aUser['uid'];
-				$Error = $aUser['password'] != hash('whirlpool', $aCommand[3]);
+				$uid = User::authenticate($aUser, $aCommand[3]);
+				$Error = $uid === false;
 			} else {
 				$this->writeLog(LOG_WARNING, 'user not found: ' . $sUser);
 				$Error = true;
@@ -226,7 +227,7 @@ class ExAuth
 			}
 			if ($Error) {
 				$this->writeLog(LOG_INFO, 'check against alternate password for ' . $sUser . '@' . $aCommand[2]);
-				$sPassword = PConfig::get($uid, 'xmpp', 'password');
+				$sPassword = PConfig::get($uid, 'xmpp', 'password', null, true);
 				$Error = ($aCommand[3] != $sPassword);
 			}
 		} else {