- $data = login_get_fields();
- if (strlen($data['username']) && strlen($data['password'])) {
- $row = db_get_assoc('users', 'id,name,role,password', 'where username=%"', $data['username']);
- if ($row) # &&
- if (strlen($row['password'])) {
- $needs_rehash = false;
- $password_good = false;
- if (substr($row['password'], 0, 5) === 'sha1:') {
- if (sha1($data['password']) === substr($row['password'], 5)) {
- $password_good = true;
- $needs_rehash = true;
- }
- } else {
- if (!function_exists('password_hash')) {
- require_once(__DIR__.'/'.'inc/password_funcs_backported.php');
- }
- if (password_verify($data['password'], $row['password'])) {
- $password_good = true;
- if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
- $needs_rehash = true;
- }
- }
- }
- if ($password_good) {
- if ($needs_rehash) {
- if (!function_exists('password_hash')) {
- require_once(__DIR__.'/'.'inc/password_funcs_backported.php');
- }
- $hash = password_hash($data['password'], PASSWORD_DEFAULT);
- db_update('users', 'password', $hash, 'where id=%i', $row['id']);
- }
+ $data = login_get_fields();
+ if (strlen($data['username']) && strlen($data['password'])) {
+ $row = db_get_assoc('users', 'id,name,role,password', 'where username=%"', $data['username']);
+ if ($row) # &&
+ if (strlen($row['password'])) {
+ $needs_rehash = false;
+ $password_good = false;
+ if (substr($row['password'], 0, 5) === 'sha1:') {
+ if (sha1($data['password']) === substr($row['password'], 5)) {
+ $password_good = true;
+ $needs_rehash = true;
+ }
+ } else {
+ if (!function_exists('password_hash')) {
+ require_once(__DIR__.'/'.'inc/password_funcs_backported.php');
+ }
+ if (password_verify($data['password'], $row['password'])) {
+ $password_good = true;
+ if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
+ $needs_rehash = true;
+ }
+ }
+ }
+ if ($password_good) {
+ if ($needs_rehash) {
+ if (!function_exists('password_hash')) {
+ require_once(__DIR__.'/'.'inc/password_funcs_backported.php');
+ }
+ $hash = password_hash($data['password'], PASSWORD_DEFAULT);
+ db_update('users', 'password', $hash, 'where id=%i', $row['id']);
+ }