|
|
|
|
@ -82,8 +82,24 @@ |
|
|
|
|
// any users? |
|
|
|
|
if ($user_counter>0) { |
|
|
|
|
// compare passwords |
|
|
|
|
if(!strcmp(md5($user_pass), $users[0]['user_pass'])) { |
|
|
|
|
// all ok: user is logged in, register session data |
|
|
|
|
if(!strcmp(md5($user_pass), rtrim($users[0]['user_pass']))) { |
|
|
|
|
// all ok: user is logged in |
|
|
|
|
|
|
|
|
|
// md5 match but outdated. rewrite with new algo |
|
|
|
|
$newhash = password_hash($user_pass, PASSWORD_BCRYPT); |
|
|
|
|
$query = "UPDATE user SET user_pass='" . $newhash. "' WHERE user_id=" . $users[0]['user_id']; |
|
|
|
|
$db->db_update($query); |
|
|
|
|
|
|
|
|
|
} else { |
|
|
|
|
if (! password_verify($user_pass, $users[0]['user_pass'])) { |
|
|
|
|
return FALSE; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} else { |
|
|
|
|
return FALSE; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// register session data |
|
|
|
|
$_SESSION['suser_id'] = $users[0]['user_id']; |
|
|
|
|
$_SESSION['suser_displayname'] = $users[0]['user_displayname']; |
|
|
|
|
$_SESSION['suser_language'] = $users[0]['user_language']; |
|
|
|
|
@ -103,12 +119,6 @@ |
|
|
|
|
$_SESSION['suser_menu_vlans'] = $users[0]['user_menu_vlans']; |
|
|
|
|
$_SESSION['suser_menu_zones'] = $users[0]['user_menu_zones']; |
|
|
|
|
$_SESSION['suser_tooltips'] = $users[0]['user_tooltips']; |
|
|
|
|
} else { |
|
|
|
|
return FALSE; |
|
|
|
|
} |
|
|
|
|
} else { |
|
|
|
|
return FALSE; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// no errors found, return |
|
|
|
|
return TRUE; |
|
|
|
|
|
Thomas Hooge
2 years ago