From 129f6806f6c77622b295f08e03ebb3a4fbecc7d8 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite
Date: Sun, 8 Apr 2018 12:28:04 +0200
Subject: [PATCH] Fix update password rehash Fixes https://github.com/friendica/friendica/issues/4743 The logic for updating password was wrong: https://github.com/friendica/friendica/commit/b0a764b14c2f2798f7eb223e58d47530f80609c1#diff-1466bb1a0a37fe9f7cf52eda8f3b431aR150
---
 src/Model/User.php | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/Model/User.php b/src/Model/User.php
index 4ae43c3e1..abf4d1d3e 100644
--- a/src/Model/User.php
+++ b/src/Model/User.php
@@ -127,18 +127,18 @@ class User
 {
 $user = self::getAuthenticationInfo($user_info);
- if ($user['legacy_password']) {
- if (password_verify(self::hashPasswordLegacy($password), $user['password'])) {
- self::updatePassword($user['uid'], $password);
-
- return $user['uid'];
- }
- } elseif (password_verify($password, $user['password'])) {
+ if (password_verify($password, $user['password'])) {
 if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
 self::updatePassword($user['uid'], $password);
 }
 return $user['uid'];
+ } elseif (!empty($user['legacy_password']) || strpos($user['password'], '$') === false) {
+ if (self::hashPasswordLegacy($password) === $user['password']) {
+ self::updatePassword($user['uid'], $password);
+
+ return $user['uid'];
+ }
 }
 throw new Exception(L10n::t('Login failed'));
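Review bot: The new legacy branch compares the stored hash with `===` in `if (self::hashPasswordLegacy($password) === $user['password'])`, which is not a constant-time comparison; for a credential check the usual form is `if (hash_equals($user['password'], self::hashPasswordLegacy($password))) {`. Separately, the removed branch accepted `password_verify(self::hashPasswordLegacy($password), $user['password'])` when `legacy_password` was set, and the new code has no equivalent, so any row stored in that wrapped form (if such rows exist) would now fall through to 'Login failed'. A short comment above the `elseif` naming the stored formats that are still accepted, and why a value without `$` is treated as legacy, would help the next reader. The enclosing method starts and ends outside this hunk, so the shape of `$user` and what `updatePassword` does to `legacy_password` cannot be confirmed from here.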