Skip to content
Permalink
Browse files Browse the repository at this point in the history
type-safe comparsion of md5-compatibility hash-validation
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
  • Loading branch information
d00p committed Feb 22, 2023
1 parent 23f1f79 commit 6777fbf
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion lib/Froxlor/System/Crypt.php
Expand Up @@ -198,7 +198,7 @@ public static function validatePasswordLogin(
$update_hash = true;
}

if ($pwd_hash == $pwd_check || password_verify($password, $pwd_hash)) {
if ($pwd_hash === $pwd_check || password_verify($password, $pwd_hash)) {
// check for update of hash (only if our database is ready to handle the bigger string)
$is_ready = Froxlor::versionCompare2("0.9.33", Froxlor::getVersion()) <= 0;
if ((password_needs_rehash($pwd_hash, $algo) || $update_hash) && $is_ready) {
Expand Down

0 comments on commit 6777fbf

Please sign in to comment.