From e3002e8de1d33c076cfbca12a3b548d9fb305fed Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Wed, 9 Aug 2017 10:39:26 -0400 Subject: [PATCH] Delete code for compatibility with old forms of authentication. --- gulliver/system/class.bootstrap.php | 4 ++-- workflow/engine/methods/login/authentication.php | 12 ------------ 2 files changed, 2 insertions(+), 14 deletions(-) diff --git a/gulliver/system/class.bootstrap.php b/gulliver/system/class.bootstrap.php index b70b2bcef..b5b47209d 100644 --- a/gulliver/system/class.bootstrap.php +++ b/gulliver/system/class.bootstrap.php @@ -2582,10 +2582,10 @@ class Bootstrap $passwordHashConfig = Bootstrap::getPasswordHashConfig(); $hashTypeCurrent = $passwordHashConfig['current']; $hashTypePrevious = $passwordHashConfig['previous']; - if ((Bootstrap::hashPassword($pass, $hashTypeCurrent) == $userPass) || ($pass === $hashTypeCurrent . ':' . $userPass)) { + if (Bootstrap::hashPassword($pass, $hashTypeCurrent) == $userPass) { return true; } - if ((Bootstrap::hashPassword($pass, $hashTypePrevious) == $userPass) || ($pass === $hashTypePrevious . ':' . $userPass)) { + if (Bootstrap::hashPassword($pass, $hashTypePrevious) == $userPass) { return true; } return false; diff --git a/workflow/engine/methods/login/authentication.php b/workflow/engine/methods/login/authentication.php index 7152e29db..ed7e32196 100644 --- a/workflow/engine/methods/login/authentication.php +++ b/workflow/engine/methods/login/authentication.php @@ -41,18 +41,6 @@ try { die(); } - //Check if the password contains the password hashes - if (!empty($_POST['form']['USR_PASSWORD']) && strlen($_POST['form']['USR_PASSWORD']) > 32) { - $pass = trim($_POST['form']['USR_PASSWORD']); - foreach (Bootstrap::getPasswordHashConfig() as $key => $hash) { - $search = substr($pass, 0, strlen($hash) + 1); - if ($search == $hash . ':') { - $pass = substr($pass, strlen($hash) + 1); - } - } - $_POST['form']['USR_PASSWORD'] = $pass; - } - $frm = $_POST['form']; if (isset($frm['USR_USERNAME'])) {