$data = array();
$data['after_login_url'] = format_oneline(_REQUEST_cut('after_login_url'));
- $data['username'] = format_oneline(trim(_REQUEST_cut('username')));
+ $data['username'] = format_auth_username(trim(_REQUEST_cut('username')));
$data['password'] = format_oneline(trim(_REQUEST_cut('password')));
return $data;
function login_main() {
$data = login_get_fields();
if (strlen($data['username']) && strlen($data['password'])) {
- $row = db_get_assoc('users', 'id,name,role,password', 'where username=%"', format_auth_username($data['username']));
+ $row = db_get_assoc('users', 'id,name,role,password', 'where username=%"', $data['username']);
if ($row) # &&
if (strlen($row['password'])) {
$needs_rehash = false;
}
if ($password_good) {
if ($needs_rehash) {
+ if (!function_exists('password_hash')) {
+ require_once(DOCROOT . 'inc/password_funcs_backported.php');
+ }
$hash = password_hash($data['password'], PASSWORD_DEFAULT);
db_update('users', 'password', $hash, 'where id=%i', $row['id']);
}