check PHP version for password_verify

6f6f3457 · Daniel Ruf · e0883c52 · 6f6f3457
Commit 6f6f3457 authored Jan 19, 2016 by Daniel Ruf
Show whitespace changes
Inline Side-by-side

Showing with 20 additions and 0 deletions

login.php qa-include/pages/login.php +20 -0

No files found.
--- a/qa-include/pages/login.php
+++ b/qa-include/pages/login.php
@@ -68,6 +68,7 @@
 					$inuserid=$matchusers[0];
 					$userinfo=qa_db_select_with_pending(qa_db_user_account_selectspec($inuserid, true));
 					
+					if(!qa_php_version_below('5.3.7')){
 						$haspassword=isset($userinfo['passhash']);
 						$haspasswordold=isset($userinfo['passsalt']) && isset($userinfo['passcheck']);
 						
@@ -91,6 +92,25 @@
 	
 						} else
 							$errors['password']=qa_lang('users/password_wrong');
+					} else {
+						if (strtolower(qa_db_calc_passcheck($inpassword, $userinfo['passsalt'])) == strtolower($userinfo['passcheck'])) { // login and redirect
+	
+							require_once QA_INCLUDE_DIR.'app/users.php';
+							if($haspasswordold) qa_db_user_set_password($inuserid, $inpassword);
+							qa_set_logged_in_user($inuserid, $userinfo['handle'], !empty($inremember));
+	
+							$topath=qa_get('to');
+	
+							if (isset($topath))
+								qa_redirect_raw(qa_path_to_root().$topath); // path already provided as URL fragment
+							elseif ($passwordsent)
+								qa_redirect('account');
+							else
+								qa_redirect('');
+	
+						} else
+							$errors['password']=qa_lang('users/password_wrong');
+					}

 				} else
 					$errors['emailhandle']=qa_lang('users/user_not_found');