From ec178f0c4ac8f4fb4c63075a6cbb7ac02429543b Mon Sep 17 00:00:00 2001
From: White <monsieur_white@hotmail.com>
Date: Thu, 28 May 2015 11:51:29 +0930
Subject: [PATCH] Fixed the bug where updating the config WorkFactor would mean
 that users could not log into their accounts once their passwords were
 updated to the new WorkFactor

---
 TShockAPI/Commands.cs       | 13 ++++++-------
 TShockAPI/DB/UserManager.cs | 15 +++------------
 2 files changed, 9 insertions(+), 19 deletions(-)

diff --git a/TShockAPI/Commands.cs b/TShockAPI/Commands.cs
index 27e15743..41d43657 100755
--- a/TShockAPI/Commands.cs
+++ b/TShockAPI/Commands.cs
@@ -746,28 +746,27 @@ namespace TShockAPI
 			{
 				if (PlayerHooks.OnPlayerPreLogin(args.Player, args.Player.Name, ""))
 					return;
-				user = TShock.Users.GetUserByName(args.Player.Name);
 				usingUUID = true;
 			}
 			else if (args.Parameters.Count == 1)
 			{
 				if (PlayerHooks.OnPlayerPreLogin(args.Player, args.Player.Name, args.Parameters[0]))
 					return;
-				user = TShock.Users.GetUserByName(args.Player.Name);
 				password = args.Parameters[0];
 			}
 			else if (args.Parameters.Count == 2 && TShock.Config.AllowLoginAnyUsername)
 			{
-				if (PlayerHooks.OnPlayerPreLogin(args.Player, args.Parameters[0], args.Parameters[1]))
-					return;
-
-				user = TShock.Users.GetUserByName(args.Parameters[0]);
-				password = args.Parameters[1];
 				if (String.IsNullOrEmpty(args.Parameters[0]))
 				{
 					args.Player.SendErrorMessage("Bad login attempt.");
 					return;
 				}
+
+				if (PlayerHooks.OnPlayerPreLogin(args.Player, args.Parameters[0], args.Parameters[1]))
+					return;
+
+				user = TShock.Users.GetUserByName(args.Parameters[0]);
+				password = args.Parameters[1];
 			}
 			else
 			{
diff --git a/TShockAPI/DB/UserManager.cs b/TShockAPI/DB/UserManager.cs
index 4aa66c96..c4cf4baa 100755
--- a/TShockAPI/DB/UserManager.cs
+++ b/TShockAPI/DB/UserManager.cs
@@ -122,7 +122,7 @@ namespace TShockAPI.DB
 
 				if (
 					_database.Query("UPDATE Users SET Password = @0 WHERE Username = @1;", user.Password,
-					               user.Name) == 0)
+						user.Name) == 0)
 					throw new UserNotExistException(user.Name);
 			}
 			catch (Exception ex)
@@ -443,7 +443,7 @@ namespace TShockAPI.DB
 			} 
 			catch (SaltParseException)
 			{
-				if (HashPassword(password).ToUpper() == Password.ToUpper())
+				if (String.Equals(HashPassword(password), Password, StringComparison.InvariantCultureIgnoreCase))
 				{
 					// Return true to keep blank passwords working but don't convert them to bcrypt.
 					if (Password == "non-existant password") {
@@ -507,16 +507,7 @@ namespace TShockAPI.DB
 			{
 				try
 				{
-					Password = BCrypt.Net.BCrypt.HashPassword(password, TShock.Config.BCryptWorkFactor);
-				}
-				catch (ArgumentOutOfRangeException)
-				{
-					TShock.Log.ConsoleError("Invalid BCrypt work factor in config file! Refusing to change work-factor on exsting password.");
-				}
-
-				try
-				{
-					TShock.Users.SetUserPassword(this, Password);
+					TShock.Users.SetUserPassword(this, password);
 				}
 				catch (UserManagerException e)
 				{