diff options
Diffstat (limited to 'Bugzilla/Auth')
| -rw-r--r-- | Bugzilla/Auth/Verify/DB.pm | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/Bugzilla/Auth/Verify/DB.pm b/Bugzilla/Auth/Verify/DB.pm index 0f73063d2..695671a31 100644 --- a/Bugzilla/Auth/Verify/DB.pm +++ b/Bugzilla/Auth/Verify/DB.pm @@ -64,6 +64,16 @@ sub check_credentials { # password tokens they may have generated. Bugzilla::Token::DeletePasswordTokens($user_id, "user_logged_in"); + # If their old password was using crypt() or some different hash + # than we're using now, convert the stored password to using + # whatever hashing system we're using now. + my $current_algorithm = PASSWORD_DIGEST_ALGORITHM; + if ($real_password_crypted !~ /{\Q$current_algorithm\E}$/) { + my $new_crypted = bz_crypt($password); + $dbh->do('UPDATE profiles SET cryptpassword = ? WHERE userid = ?', + undef, $new_crypted, $user_id); + } + return $login_data; } |