Don't send transition data if new_pass === old_pass.

[platal.git] / classes / xorgsession.php

diff --git a/classes/xorgsession.php b/classes/xorgsession.php
index 025af61..05c2207 100644 (file)
--- a/classes/xorgsession.php
+++ b/classes/xorgsession.php
@@ -79,7 +79,8 @@ class XorgSession extends PlSession
         if (list($uid, $password) = $res->fetchOneRow()) {
             require_once 'secure_hash.inc.php';
             $expected_response = hash_encrypt("$uname:$password:" . S::v('challenge'));
-            if ($response != $expected_response) {
+            if ($response != $expected_response && Env::has('xorpass')
+                && !preg_match('/^0*$/', Env::v('xorpass'))) {
                 $new_password = hash_xor(Env::v('xorpass'), $password);
                 $expected_response = hash_encrypt("$uname:$new_password:" . S::v('challenge'));
                 if ($response == $expected_response) {
@@ -87,6 +88,7 @@ class XorgSession extends PlSession
                                        SET  password = {?}
                                      WHERE  user_id = {?}',
                                    $new_password, $uid);
+                      /* TODO: update GApps password here!!! */
                 }
             }
             if ($response != $expected_response) {