From 971e38778f3d36414fcd1c26db07e36ec9fa7c9a Mon Sep 17 00:00:00 2001
From: Kienan Stewart <kienan.stewart@burntworld.ca>
Date: Sun, 15 Apr 2018 19:03:57 -0400
Subject: [PATCH] Update stored password hash on user login.

If an md5 hash is stored, a new hash will be calculated and stored.
---
 bureau/class/m_mem.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/bureau/class/m_mem.php b/bureau/class/m_mem.php
index 7e31cbd5..d4dce7af 100644
--- a/bureau/class/m_mem.php
+++ b/bureau/class/m_mem.php
@@ -104,6 +104,12 @@ class m_mem {
         }
         $this->user = $db->Record;
         $cuid = $db->f("uid");
+        // Transitional code to update md5 hashed passwords to those created
+        // with password_hash().
+        if (strncmp($db->f('pass'), '$1$', 3) == 0) {
+            $db->query("update membres set pass = ? where uid = ?",
+                       array(password_hash($password), $cuid));
+        }
 
         if (panel_islocked() && $cuid != 2000) {
             $msg->raise("ALERT", "mem", _("This website is currently under maintenance, login is currently disabled."));