Revert removal of legacy_password column

https://github.com/friendica/friendica/pull/4782#issuecomment-380978218

diff --git a/src/Model/User.php b/src/Model/User.php
index d66c73d7eb05dfea0f2a343df26873da24bbbcb9..2621897f4eb87084a97040bba458d7c8f1078560 100644 (file)
--- a/src/Model/User.php
+++ b/src/Model/User.php
@@ -128,12 +128,22 @@ class User
                $user = self::getAuthenticationInfo($user_info);
 
                if (strpos($user['password'], '$') === false) {
+                       //Legacy hash that has not been replaced by a new hash yet
                        if (self::hashPasswordLegacy($password) === $user['password']) {
                                self::updatePassword($user['uid'], $password);
 
+                               return $user['uid'];
+                       }
+               } elseif (!empty($user['legacy_password'])) {
+                       //Legacy hash that has been double-hashed and not replaced by a new hash yet
+                       //Warning: `legacy_password` is not necessary in sync with the content of `password`
+                       if (password_verify(self::hashPasswordLegacy($password), $user['password'])) {
+                               self::updatePassword($user['uid'], $password);
+
                                return $user['uid'];
                        }
                } elseif (password_verify($password, $user['password'])) {
+                       //New password hash
                        if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
                                self::updatePassword($user['uid'], $password);
                        }