Fix password change.

43aa5b44 · Amin.MasterkinG · GitHub · e0be6896 · 43aa5b44
Unverified Commit 43aa5b44 authored May 24, 2019 by Amin.MasterkinG Committed by GitHub May 24, 2019
--- a/application/include/user.php
+++ b/application/include/user.php
@@ -139,7 +139,7 @@ class user
                            if (!empty($userinfo["username"])) {
                                $Old_hashed_pass = strtoupper(sha1(strtoupper($userinfo["username"] . ":" . $_POST["old_password"])));
                                $hashed_pass = strtoupper(sha1(strtoupper($userinfo["username"] . ":" . $_POST["password"])));
-                                if ($userinfo["sha_pass_hash"] == $Old_hashed_pass) {
+                                if (strtoupper($userinfo["sha_pass_hash"]) == $Old_hashed_pass) {
                                    database::$auth->update("account", [
                                        "sha_pass_hash" => $antiXss->xss_clean($hashed_pass),
                                        "sessionkey" => "",
@@ -191,7 +191,7 @@ class user
                            if (!empty($userinfo["username"])) {
                                $Old_hashed_pass = strtoupper(sha1(strtoupper($userinfo["username"] . ":" . $_POST["old_password"])));
                                $hashed_pass = strtoupper(sha1(strtoupper($userinfo["username"] . ":" . $_POST["password"])));
-                                if ($userinfo["sha_pass_hash"] == $Old_hashed_pass) {
+                                if (strtoupper($userinfo["sha_pass_hash"]) == $Old_hashed_pass) {
                                    database::$auth->update("account", [
                                        "sha_pass_hash" => $antiXss->xss_clean($hashed_pass),
                                        "sessionkey" => "",
@@ -263,4 +263,4 @@ class user
        }
        return false;
    }
-}
\ No newline at end of file
+}