only update password to salted if database field is long enough

git-svn-id: http://www.observium.org/svn/observer/trunk@1939 61d68cd4-352d-0410-923a-c4978735b2b8
2024-10-07 16:52:45 +00:00 · 2011-03-20 21:13:59 +00:00
parent 07e4f484f8
commit 2f0c69c9ef
1 changed files with 6 additions and 1 deletions
--- a/html/includes/authentication/mysql.inc.php
+++ b/html/includes/authentication/mysql.inc.php
@ -11,7 +11,12 @@ function authenticate($username,$password)
    // Migrate from old, unhashed password
    if ($row['password'] == $encrypted_old)
    {
-      changepassword($username,$password);
+      $query = mysql_query("DESCRIBE users password");
+      $row = mysql_fetch_assoc($query);
+      if ($row['Type'] == 'varchar(34)')
+      {
+        changepassword($username,$password);
+      }
      return 1;
    }
    if ($row['password'] == crypt($password,$row['password']))