X-Git-Url: https://jasonwoof.com/gitweb/?p=wfpl-cms.git;a=blobdiff_plain;f=login.php;h=10c7243a08f1a26ca7195da99981f04c7c964749;hp=4ec1344222c5f9a7a2c9053282a11fab12239300;hb=26e88a8fcd1bcbb101245a2243c6fb9cfeda3500;hpb=981eb0d01458cebf032955ef788c8c88a3a99428

diff --git a/login.php b/login.php
index 4ec1344..10c7243 100644
--- a/login.php
+++ b/login.php
@@ -5,7 +5,7 @@ function login_get_fields() {
 	$data = array();
 
 	$data['after_login_url'] = format_oneline(_REQUEST_cut('after_login_url'));
-	$data['username'] = format_oneline(trim(_REQUEST_cut('username')));
+	$data['username'] = format_auth_username(trim(_REQUEST_cut('username')));
 	$data['password'] = format_oneline(trim(_REQUEST_cut('password')));
 
 	return $data;
@@ -14,7 +14,7 @@ function login_get_fields() {
 function login_main() {
 	$data = login_get_fields();
 	if (strlen($data['username']) && strlen($data['password'])) {
-		$row = db_get_assoc('users', 'id,name,role,password', 'where username=%"', format_auth_username($data['username']));
+		$row = db_get_assoc('users', 'id,name,role,password', 'where username=%"', $data['username']);
 		if ($row) # &&
 		if (strlen($row['password'])) {
 			$needs_rehash = false;
@@ -37,6 +37,9 @@ function login_main() {
 			}
 			if ($password_good) {
 				if ($needs_rehash) {
+					if (!function_exists('password_hash')) {
+						require_once(DOCROOT . 'inc/password_funcs_backported.php');
+					}
 					$hash = password_hash($data['password'], PASSWORD_DEFAULT);
 					db_update('users', 'password', $hash, 'where id=%i', $row['id']);
 				}