From 991a3d959e658f4335ffb182d417e6edd3d8fcf4 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Sun, 15 Apr 2018 10:51:22 +0200
Subject: [PATCH] Revert "Remove SQL column legacy_password"

This reverts commit 82f1f2f00e4493c3d1d4ff1df9161cc0957defee.
---
 database.sql                 | 1 +
 src/Database/DBStructure.php | 1 +
 src/Model/User.php           | 6 ++++--
 src/Util/ExAuth.php          | 2 +-
 update.php                   | 7 +++++--
 5 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/database.sql b/database.sql
index c4b93e2873..aa87247db3 100644
--- a/database.sql
+++ b/database.sql
@@ -1019,6 +1019,7 @@ CREATE TABLE IF NOT EXISTS `user` (
 	`guid` varchar(64) NOT NULL DEFAULT '' COMMENT '',
 	`username` varchar(255) NOT NULL DEFAULT '' COMMENT '',
 	`password` varchar(255) NOT NULL DEFAULT '' COMMENT '',
+	`legacy_password` boolean NOT NULL DEFAULT '0' COMMENT 'Is the password hash double-hashed?',
 	`nickname` varchar(255) NOT NULL DEFAULT '' COMMENT '',
 	`email` varchar(255) NOT NULL DEFAULT '' COMMENT '',
 	`openid` varchar(255) NOT NULL DEFAULT '' COMMENT '',
diff --git a/src/Database/DBStructure.php b/src/Database/DBStructure.php
index 275d9562bb..67c8d7b8a6 100644
--- a/src/Database/DBStructure.php
+++ b/src/Database/DBStructure.php
@@ -1726,6 +1726,7 @@ class DBStructure
 						"guid" => ["type" => "varchar(64)", "not null" => "1", "default" => "", "comment" => ""],
 						"username" => ["type" => "varchar(255)", "not null" => "1", "default" => "", "comment" => ""],
 						"password" => ["type" => "varchar(255)", "not null" => "1", "default" => "", "comment" => ""],
+						"legacy_password" => ["type" => "boolean", "not null" => "1", "default" => "0", "comment" => "Is the password hash double-hashed?"],
 						"nickname" => ["type" => "varchar(255)", "not null" => "1", "default" => "", "comment" => ""],
 						"email" => ["type" => "varchar(255)", "not null" => "1", "default" => "", "comment" => ""],
 						"openid" => ["type" => "varchar(255)", "not null" => "1", "default" => "", "comment" => ""],
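Review bot: Nothing in this patch forces the re-added `legacy_password` column to be created on installs that already applied the reverted commit: the diffstat lists five files and no visible hunk raises a schema version. If the structure update is gated on such a version, those sites would keep a `user` table without the column while `User.php` and `ExAuth.php` already select it, and the login queries would fail. Worth confirming that a version bump lands together with this revert, and stating in the commit message which update step recreates the column.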
diff --git a/src/Model/User.php b/src/Model/User.php
index 27f7ff66f7..d66c73d7eb 100644
--- a/src/Model/User.php
+++ b/src/Model/User.php
@@ -170,12 +170,13 @@ class User
 
 			if (!isset($user['uid'])
 				|| !isset($user['password'])
+				|| !isset($user['legacy_password'])
 			) {
 				throw new Exception(L10n::t('Not enough information to authenticate'));
 			}
 		} elseif (is_int($user_info) || is_string($user_info)) {
 			if (is_int($user_info)) {
-				$user = dba::selectFirst('user', ['uid', 'password'],
+				$user = dba::selectFirst('user', ['uid', 'password', 'legacy_password'],
 					[
 						'uid' => $user_info,
 						'blocked' => 0,
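Review bot: The array form of `$user_info` now has a third mandatory key, but nothing at the `isset()` chain says so, and a caller that still passes only `uid` and `password` gets the generic 'Not enough information to authenticate' exception instead of a normal failed login. I would document the contract above the check, e.g. `// array input must carry uid, password and legacy_password (presumably true when the stored hash wraps an old-style hash)`, and repeat it in the method's docblock. The method starts and ends outside this hunk, so how the flag is consumed cannot be checked here.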
@@ -185,7 +186,7 @@ class User
 					]
 				);
 			} else {
-				$user = dba::fetch_first('SELECT `uid`, `password`
+				$user = dba::fetch_first('SELECT `uid`, `password`, `legacy_password`
 					FROM `user`
 					WHERE (`email` = ? OR `username` = ? OR `nickname` = ?)
 					AND `blocked` = 0
@@ -276,6 +277,7 @@ class User
 			'password' => $pasword_hashed,
 			'pwdreset' => null,
 			'pwdreset_time' => null,
+			'legacy_password' => false
 		];
 		return dba::update('user', $fields, ['uid' => $uid]);
 	}
diff --git a/src/Util/ExAuth.php b/src/Util/ExAuth.php
index cdf663b42c..d4436e32af 100644
--- a/src/Util/ExAuth.php
+++ b/src/Util/ExAuth.php
@@ -226,7 +226,7 @@ class ExAuth
 		if ($a->get_hostname() == $aCommand[2]) {
 			$this->writeLog(LOG_INFO, 'internal auth for ' . $sUser . '@' . $aCommand[2]);
 
-			$aUser = dba::selectFirst('user', ['uid', 'password'], ['nickname' => $sUser]);
+			$aUser = dba::selectFirst('user', ['uid', 'password', 'legacy_password'], ['nickname' => $sUser]);
 			if (DBM::is_result($aUser)) {
 				$uid = $aUser['uid'];
 				$success = User::authenticate($aUser, $aCommand[3]);
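Review bot: The lookup on the changed `selectFirst` line filters on `nickname` only, whereas the uid lookup inside `User::authenticate` (visible in the User.php hunk) also requires `'blocked' => 0`; because an array argument skips that lookup, a blocked account appears to pass external auth as long as the password matches. Unless a later check outside these hunks covers it, apply the same account-state conditions here, e.g. `['nickname' => $sUser, 'blocked' => 0]` plus whatever further conditions the User.php query lists past the hunk boundary. The enclosing method starts and ends outside this hunk.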
diff --git a/update.php b/update.php
index 0cbc0302fd..bc14b3a29f 100644
--- a/update.php
+++ b/update.php
@@ -149,9 +149,12 @@ function update_1203() {
 }
 
 function update_1244() {
+	// Sets legacy_password for all legacy hashes
+	dba::update('user', ['legacy_password' => true], ['SUBSTR(password, 1, 4) != "$2y$"']);
+
 	// All legacy hashes are re-hashed using the new secure hashing function
-	$stmt = dba::select('user', ['uid', 'password'], ['password NOT LIKE "$%"']);
-	while ($user = dba::fetch($stmt)) {
+	$stmt = dba::select('user', ['uid', 'password'], ['legacy_password' => true]);
+	while($user = dba::fetch($stmt)) {
 		dba::update('user', ['password' => User::hashPassword($user['password'])], ['uid' => $user['uid']]);
 	}
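Review bot: The re-hash loop is no longer idempotent: it now selects on `'legacy_password' => true`, which stays set on rows that were already re-hashed, so a second run of `update_1244()` (after an interruption or a repeated update) would hash the stored `$2y$` string again and lock those users out. Keep the hash-prefix test on the loop query, e.g. `$stmt = dba::select('user', ['uid', 'password'], ['SUBSTR(password, 1, 4) != "$2y$"']);`, so only rows that have not been converted are touched. Separately, sites that ran the removed variant of this function have re-hashed rows with no flag, and the column default `0` will mark them as not legacy; that case probably needs a documented password reset. On style, `while(` lost the space the removed line had. The function continues past the hunk.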
 
-- 
2.39.5