themaster1970sf/TShock
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

Fix blank password legacy behavior in TShock.

Browse source 
Fixes #907
This commit is contained in:
Lucas Nicodemus 2015-04-30 15:52:08 -06:00
parent a503c1e84e
commit ddd89043c9
1 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
TShockAPI/DB/UserManager.cs
View file

@ -444,6 +444,10 @@ namespace TShockAPI.DB
{
if (HashPassword(password).ToUpper() == this.Password.ToUpper())
{
// Return true to keep blank passwords working but don't convert them to bcrypt.
if (this.Password == "non-existant password") {
return true;
}
// The password is not stored using BCrypt; upgrade it to BCrypt immediately
UpgradePasswordToBCrypt(password);
return true;
@ -592,7 +596,7 @@ namespace TShockAPI.DB
protected string HashPassword(string password)
{
if (string.IsNullOrEmpty(password) || password == "non-existant password")
return null;
return "non-existant password";
return HashPassword(Encoding.UTF8.GetBytes(password));
}