Commit e0883c52 by Daniel Ruf

check PHP version for password_verify

parent f0108fe6
...@@ -55,8 +55,12 @@ ...@@ -55,8 +55,12 @@
$changehandle=qa_opt('allow_change_usernames') || ((!$userpoints['qposts']) && (!$userpoints['aposts']) && (!$userpoints['cposts'])); $changehandle=qa_opt('allow_change_usernames') || ((!$userpoints['qposts']) && (!$userpoints['aposts']) && (!$userpoints['cposts']));
$doconfirms=qa_opt('confirm_user_emails') && ($useraccount['level']<QA_USER_LEVEL_EXPERT); $doconfirms=qa_opt('confirm_user_emails') && ($useraccount['level']<QA_USER_LEVEL_EXPERT);
$isconfirmed=($useraccount['flags'] & QA_USER_FLAGS_EMAIL_CONFIRMED) ? true : false; $isconfirmed=($useraccount['flags'] & QA_USER_FLAGS_EMAIL_CONFIRMED) ? true : false;
if(!qa_php_version_below('5.3.7')){
$haspasswordold=isset($useraccount['passsalt']) && isset($useraccount['passcheck']); $haspasswordold=isset($useraccount['passsalt']) && isset($useraccount['passcheck']);
$haspassword=isset($useraccount['passhash']); $haspassword=isset($useraccount['passhash']);
} else {
$haspassword=isset($useraccount['passsalt']) && isset($useraccount['passcheck']);
}
$permit_error = qa_user_permit_error(); $permit_error = qa_user_permit_error();
$isblocked = $permit_error !== false; $isblocked = $permit_error !== false;
$pending_confirmation = $doconfirms && $permit_error == 'confirm'; $pending_confirmation = $doconfirms && $permit_error == 'confirm';
...@@ -206,11 +210,16 @@ ...@@ -206,11 +210,16 @@
else { else {
$errors = array(); $errors = array();
if(!qa_php_version_below('5.3.7')){
if ( if (
($haspasswordold && (strtolower(qa_db_calc_passcheck($inoldpassword, $useraccount['passsalt'])) != strtolower($useraccount['passcheck']))) || ($haspasswordold && (strtolower(qa_db_calc_passcheck($inoldpassword, $useraccount['passsalt'])) != strtolower($useraccount['passcheck']))) ||
(!$haspasswordold && $haspassword && !password_verify($inoldpassword,$useraccount['passhash'])) (!$haspasswordold && $haspassword && !password_verify($inoldpassword,$useraccount['passhash']))
) )
$errors['oldpassword'] = qa_lang('users/password_wrong'); $errors['oldpassword'] = qa_lang('users/password_wrong');
} else {
if ($haspassword && (strtolower(qa_db_calc_passcheck($inoldpassword, $useraccount['passsalt'])) != strtolower($useraccount['passcheck'])))
$errors['oldpassword'] = qa_lang('users/password_wrong');
}
$useraccount['password'] = $inoldpassword; $useraccount['password'] = $inoldpassword;
$errors = $errors + qa_password_validate($innewpassword1, $useraccount); // array union $errors = $errors + qa_password_validate($innewpassword1, $useraccount); // array union
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment