inc password_hash backport in one more place

[wfpl-cms.git] / login.php

diff --git a/login.php b/login.php
index 4ec1344..10c7243 100644 (file)
--- a/login.php
+++ b/login.php
@@ -5,7 +5,7 @@ function login_get_fields() {
        $data = array();
 
        $data['after_login_url'] = format_oneline(_REQUEST_cut('after_login_url'));
-       $data['username'] = format_oneline(trim(_REQUEST_cut('username')));
+       $data['username'] = format_auth_username(trim(_REQUEST_cut('username')));
        $data['password'] = format_oneline(trim(_REQUEST_cut('password')));
 
        return $data;
@@ -14,7 +14,7 @@ function login_get_fields() {
 function login_main() {
        $data = login_get_fields();
        if (strlen($data['username']) && strlen($data['password'])) {
-               $row = db_get_assoc('users', 'id,name,role,password', 'where username=%"', format_auth_username($data['username']));
+               $row = db_get_assoc('users', 'id,name,role,password', 'where username=%"', $data['username']);
                if ($row) # &&
                if (strlen($row['password'])) {
                        $needs_rehash = false;
@@ -37,6 +37,9 @@ function login_main() {
                        }
                        if ($password_good) {
                                if ($needs_rehash) {
+                                       if (!function_exists('password_hash')) {
+                                               require_once(DOCROOT . 'inc/password_funcs_backported.php');
+                                       }
                                        $hash = password_hash($data['password'], PASSWORD_DEFAULT);
                                        db_update('users', 'password', $hash, 'where id=%i', $row['id']);
                                }