Replace _password_verify with password_verify

PHP's password_verify function does know how to recognize md5 hashes: a custom
check is not necessary.

bureau/class/functions.php

@@ -541,20 +541,6 @@ function _md5cr($pass, $salt = "") {
     return crypt($pass, $salt);
 }
 
-/**
- * Transtional function to check if a string matches a saved password hash.
- * @param string $pass string
- * @param string $hash string
- * @return bool
- */
-function _password_verify($pass, $hash) {
-    if (strncmp($hash, '$1$', 3) == 0) {
-        // @TODO Raise a warning for the user to update their password.
-        return _md5cr($pass, $hash) == $hash;
-    }
-    return password_verify($pass, $hash);
-}
-
 /** split mysql database name between username and custom database name
  * @param string $dbname database name
  * @return array returns username as first element, custom name as second

bureau/class/m_mem.php

@@ -93,7 +93,7 @@ function login($username, $password, $restrictip = 0, $authip_token = false) {
             return false;
         }
         $db->next_record();
-        if (!_password_verify($password, $db->f('pass'))) {
+        if (!password_verify($password, $db->f('pass'))) {
             $db->query("UPDATE membres SET lastfail=lastfail+1 WHERE uid= ? ;", array($db->f("uid")));
             $msg->raise("ERROR", "mem", _("User or password incorrect"));
             return false;
@@ -396,7 +396,7 @@ function passwd($oldpass, $newpass, $newpass2) {
             $msg->raise("ERROR", "mem", _("You are not allowed to change your password."));
             return false;
         }
-        if (!_password_verify($oldpass, $this->user['pass'])) {
+        if (!password_verify($oldpass, $this->user['pass'])) {
             $msg->raise("ERROR", "mem", _("The old password is incorrect"));
             return false;
         }