Small bug on password hash verification with strpos function

git-svn-id: http://piwigo.org/svn/trunk@25633 68402e56-0260-453c-a942-63ccdbb3a9ee
2026-03-28 17:42:57 +01:00 · 2013-11-21 22:23:59 +00:00
parent ffa8dc445d
commit e32dbb77be
1 changed files with 1 additions and 1 deletions
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -1148,7 +1148,7 @@ function pwg_password_verify($password, $hash, $user_id=null)
  global $conf, $pwg_hasher;

  // If the password has not been hashed with the current algorithm.
-  if (strpos('$P', $hash) !== 0)
+  if (strpos($hash, '$P') !== 0)
  {
    if (!empty($conf['pass_convert']))
    {