Remove some login code duplication

505d0978 · Scott · c88fb8ba · 505d0978 · 505d0978
Commit 505d0978 authored Jan 24, 2016 by Scott
Show whitespace changes
Inline Side-by-side

Showing with 18 additions and 30 deletions

account.php qa-include/pages/account.php +4 -5

login.php qa-include/pages/login.php +14 -25

No files found.
--- a/qa-include/pages/account.php
+++ b/qa-include/pages/account.php
@@ -210,16 +210,15 @@

 			else {
 				$errors = array();
+				$legacyPassError = strtolower(qa_db_calc_passcheck($inoldpassword, $useraccount['passsalt'])) != strtolower($useraccount['passcheck']);

 				if (QA_PASSWORD_HASH) {
-					if (
-						($haspasswordold && (strtolower(qa_db_calc_passcheck($inoldpassword, $useraccount['passsalt'])) != strtolower($useraccount['passcheck']))) ||
-						(!$haspasswordold && $haspassword && !password_verify($inoldpassword,$useraccount['passhash']))
-					) {
+					$passError = !password_verify($inoldpassword,$useraccount['passhash']);
+					if (($haspasswordold && $legacyPassError) || (!$haspasswordold && $haspassword && $passError)) {
 						$errors['oldpassword'] = qa_lang('users/password_wrong');
 					}
 				} else {
-					if ($haspassword && (strtolower(qa_db_calc_passcheck($inoldpassword, $useraccount['passsalt'])) != strtolower($useraccount['passcheck']))) {
+					if ($haspassword && $legacyPassError) {
 						$errors['oldpassword'] = qa_lang('users/password_wrong');
 					}
 				}

--- a/qa-include/pages/login.php
+++ b/qa-include/pages/login.php
@@ -68,37 +68,29 @@
 					$inuserid=$matchusers[0];
 					$userinfo=qa_db_select_with_pending(qa_db_user_account_selectspec($inuserid, true));

-					if (QA_PASSWORD_HASH) {
-						$haspassword=isset($userinfo['passhash']);
-						$haspasswordold=isset($userinfo['passsalt']) && isset($userinfo['passcheck']);
+					$legacyPassOk = strtolower(qa_db_calc_passcheck($inpassword, $userinfo['passsalt'])) == strtolower($userinfo['passcheck']);

-						if (
-							($haspasswordold && strtolower(qa_db_calc_passcheck($inpassword, $userinfo['passsalt'])) == strtolower($userinfo['passcheck'])) ||
-							($haspassword && password_verify($inpassword,$userinfo['passhash']))
-						) {
-							// login and redirect
-							require_once QA_INCLUDE_DIR.'app/users.php';
+					if (QA_PASSWORD_HASH) {
+						$haspassword = isset($userinfo['passhash']);
+						$haspasswordold = isset($userinfo['passsalt']) && isset($userinfo['passcheck']);
+						$passOk = password_verify($inpassword,$userinfo['passhash']);

+						if (($haspasswordold && $legacyPassOk) || ($haspassword && $passOk)) {
 							// upgrade password or rehash, when options like the cost parameter changed
 							if ($haspasswordold || password_needs_rehash($userinfo['passhash'], PASSWORD_BCRYPT)) {
 								qa_db_user_set_password($inuserid, $inpassword);
 							}
-							qa_set_logged_in_user($inuserid, $userinfo['handle'], !empty($inremember));
-
-							$topath=qa_get('to');
-
-							if (isset($topath))
-								qa_redirect_raw(qa_path_to_root().$topath); // path already provided as URL fragment
-							elseif ($passwordsent)
-								qa_redirect('account');
-							else
-								qa_redirect('');
-
-						} else
+						} else {
 							$errors['password']=qa_lang('users/password_wrong');
+						}
 					} else {
-						if (strtolower(qa_db_calc_passcheck($inpassword, $userinfo['passsalt'])) == strtolower($userinfo['passcheck'])) { // login and redirect
+						if (!$legacyPassOk) {
+							$errors['password']=qa_lang('users/password_wrong');
+						}
+					}

+					if (!isset($errors['password'])) {
+						// login and redirect
 						require_once QA_INCLUDE_DIR.'app/users.php';
 						qa_set_logged_in_user($inuserid, $userinfo['handle'], !empty($inremember));

@@ -110,9 +102,6 @@
 							qa_redirect('account');
 						else
 							qa_redirect('');
-
-						} else
-							$errors['password']=qa_lang('users/password_wrong');
 					}

 				} else