check PHP version for password_verify

6f6f3457 · Daniel Ruf · e0883c52 · 6f6f3457
Commit 6f6f3457 authored Jan 19, 2016 by Daniel Ruf
Hide whitespace changes
Inline Side-by-side

Showing with 44 additions and 25 deletions

login.php qa-include/pages/login.php +44 -25

No files found.
--- a/qa-include/pages/login.php
+++ b/qa-include/pages/login.php
@@ -67,30 +67,50 @@
 				if (count($matchusers)==1) { // if matches more than one (should be impossible), don't log in
 					$inuserid=$matchusers[0];
 					$userinfo=qa_db_select_with_pending(qa_db_user_account_selectspec($inuserid, true));
-					$haspassword=isset($userinfo['passhash']);
-					$haspasswordold=isset($userinfo['passsalt']) && isset($userinfo['passcheck']);
-					if (
+					if(!qa_php_version_below('5.3.7')){
-					($haspasswordold && strtolower(qa_db_calc_passcheck($inpassword, $userinfo['passsalt'])) == strtolower($userinfo['passcheck'])) ||
+						$haspassword=isset($userinfo['passhash']);
-					($haspassword && password_verify($inpassword,$userinfo['passhash']))
+						$haspasswordold=isset($userinfo['passsalt']) && isset($userinfo['passcheck']);
-					){ // login and redirect
+						if (
-						require_once QA_INCLUDE_DIR.'app/users.php';
+						($haspasswordold && strtolower(qa_db_calc_passcheck($inpassword, $userinfo['passsalt'])) == strtolower($userinfo['passcheck'])) ||
-						if($haspasswordold) qa_db_user_set_password($inuserid, $inpassword);
+						($haspassword && password_verify($inpassword,$userinfo['passhash']))
-						qa_set_logged_in_user($inuserid, $userinfo['handle'], !empty($inremember));
+						){ // login and redirect
-						$topath=qa_get('to');
+							require_once QA_INCLUDE_DIR.'app/users.php';
+							if($haspasswordold) qa_db_user_set_password($inuserid, $inpassword);
-						if (isset($topath))
+							qa_set_logged_in_user($inuserid, $userinfo['handle'], !empty($inremember));
-							qa_redirect_raw(qa_path_to_root().$topath); // path already provided as URL fragment
-						elseif ($passwordsent)
+							$topath=qa_get('to');
-							qa_redirect('account');
-						else
+							if (isset($topath))
-							qa_redirect('');
+								qa_redirect_raw(qa_path_to_root().$topath); // path already provided as URL fragment
+							elseif ($passwordsent)
-					} else
+								qa_redirect('account');
-						$errors['password']=qa_lang('users/password_wrong');
+							else
+								qa_redirect('');
+						} else
+							$errors['password']=qa_lang('users/password_wrong');
+					} else {
+						if (strtolower(qa_db_calc_passcheck($inpassword, $userinfo['passsalt'])) == strtolower($userinfo['passcheck'])) { // login and redirect
+							require_once QA_INCLUDE_DIR.'app/users.php';
+							if($haspasswordold) qa_db_user_set_password($inuserid, $inpassword);
+							qa_set_logged_in_user($inuserid, $userinfo['handle'], !empty($inremember));
+							$topath=qa_get('to');
+							if (isset($topath))
+								qa_redirect_raw(qa_path_to_root().$topath); // path already provided as URL fragment
+							elseif ($passwordsent)
+								qa_redirect('account');
+							else
+								qa_redirect('');
+						} else
+							$errors['password']=qa_lang('users/password_wrong');
+					}
 				} else
 					$errors['emailhandle']=qa_lang('users/user_not_found');
@@ -181,4 +201,4 @@
 /*
 	Omit PHP closing tag to help avoid accidental output
 */
\ No newline at end of file