X-Git-Url: https://jasonwoof.com/gitweb/?a=blobdiff_plain;f=login.php;h=79a8f83209d1575634a53d8723065cf9a2e43007;hb=d8a3c68fe7131555725440aabc9f82e53520b5dc;hp=4ec1344222c5f9a7a2c9053282a11fab12239300;hpb=981eb0d01458cebf032955ef788c8c88a3a99428;p=wfpl-cms.git

diff --git a/login.php b/login.php
index 4ec1344..79a8f83 100644
--- a/login.php
+++ b/login.php
@@ -5,7 +5,7 @@ function login_get_fields() {
 	$data = array();
 
 	$data['after_login_url'] = format_oneline(_REQUEST_cut('after_login_url'));
-	$data['username'] = format_oneline(trim(_REQUEST_cut('username')));
+	$data['username'] = format_auth_username(trim(_REQUEST_cut('username')));
 	$data['password'] = format_oneline(trim(_REQUEST_cut('password')));
 
 	return $data;
@@ -14,7 +14,7 @@ function login_get_fields() {
 function login_main() {
 	$data = login_get_fields();
 	if (strlen($data['username']) && strlen($data['password'])) {
-		$row = db_get_assoc('users', 'id,name,role,password', 'where username=%"', format_auth_username($data['username']));
+		$row = db_get_assoc('users', 'id,name,role,password', 'where username=%"', $data['username']);
 		if ($row) # &&
 		if (strlen($row['password'])) {
 			$needs_rehash = false;
@@ -26,7 +26,7 @@ function login_main() {
 				}
 			} else {
 				if (!function_exists('password_hash')) {
-					require_once(DOCROOT . 'inc/password_funcs_backported.php');
+					require_once(__DIR__.'/'.'inc/password_funcs_backported.php');
 				}
 				if (password_verify($data['password'], $row['password'])) {
 					$password_good = true;
@@ -37,6 +37,9 @@ function login_main() {
 			}
 			if ($password_good) {
 				if ($needs_rehash) {
+					if (!function_exists('password_hash')) {
+						require_once(__DIR__.'/'.'inc/password_funcs_backported.php');
+					}
 					$hash = password_hash($data['password'], PASSWORD_DEFAULT);
 					db_update('users', 'password', $hash, 'where id=%i', $row['id']);
 				}