Make the change on the login mechanism compatible with old configurations

3 months ago · 66ceacd918
parent d746aa445e
commit 66ceacd918
1 changed files with 8 additions and 1 deletions
--- a/inc/auth.php
+++ b/inc/auth.php
@ -16,7 +16,14 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST)) {
    $input_username = $_POST['login'];
    $input_password = $_POST['passw'];

-    if (isset($conf['logins'][$input_username]) && password_verify($input_password, $conf['logins'][$input_username]) ) {
+    if (isset($conf['logins'][$input_username]) && strlen($conf['logins'][$input_username]) != 64 && password_verify($input_password, $conf['logins'][$input_username]) ) {
+        $_SESSION['auth'] = true;
+        $_SESSION['user'] = $input_username;
+        $_SESSION['user_id'] = posix_getpwnam($input_username) ? posix_getpwnam($input_username)['uid'] : 65534;
+        unset($_SESSION['error']);
+
+    } elseif (isset($conf['logins'][$input_username]) && strlen($conf['logins'][$input_username]) == 64 && hash("sha256",$input_password) === $conf['logins'][$input_username]) {
+        // Compatibility mode for previous installs (sha256)
        $_SESSION['auth'] = true;
        $_SESSION['user'] = $input_username;
        $_SESSION['user_id'] = posix_getpwnam($input_username) ? posix_getpwnam($input_username)['uid'] : 65534;