Move some PHP files from ./ to ./inc: common, connection, header, footer

[irc/unrealircd/unrealircd-webpanel.git] / login / index.php

diff --git a/login/index.php b/login/index.php
index 32baa9a304aca5abcd1686b2b06059ffea526f78..56dc0a72612cd979ff29d7cf8c9ab37630a3de7a 100644 (file)
--- a/login/index.php
+++ b/login/index.php
@@ -1,5 +1,5 @@
 <?php
-require_once "../common.php";
+require_once "../inc/common.php";
 
 $logout = false;
 
@@ -34,9 +34,19 @@ if (!empty($_POST))
        {
                $user = new PanelUser($_POST['username']);
                /* not being too informative with the login error in case of attackers */
-               if (isset($user->id) && $user->password_verify($_POST['password']))
+               $hash_needs_updating = false;
+               if (isset($user->id) && $user->password_verify($_POST['password'], $hash_needs_updating))
                {
                        /* SUCCESSFUL LOGIN */
+                       if ($hash_needs_updating)
+                       {
+                               /* Set password again so it is freshly hashed */
+                               $hash = PanelUser::password_hash($_POST['password']);
+                               $ar = ["update_pass_conf"=>$hash];
+                               $user->update_core_info($ar);
+                               unset($ar);
+                               unset($hash);
+                       }
                        panel_start_session($user);
                        $_SESSION['id'] = $user->id;
                        $user->add_meta("last_login", date("Y-m-d H:i:s"));
@@ -155,4 +165,4 @@ if (!empty($_POST))
        });
 </script>
 
-<?php require_once "../footer.php";
\ No newline at end of file
+<?php require_once "../inc/footer.php";
\ No newline at end of file