Fix for password upgrading. Password-encoding warning added to admin area dashboard.

e107_admin/admin.php

@@ -97,6 +97,7 @@ class admin_start
 		$this->checkFileTypes();
 		$this->checkSuspiciousFiles();
 		$this->checkDeprecated();
+		$this->checkPasswordEncryption();
 
 		if($this->refresh == true)
 		{
@@ -205,7 +206,20 @@ class admin_start
 	}
 
 
+	function checkPasswordEncryption()
+	{
+		$us = e107::getUserSession();
+		$mes = e107::getMessage();
 
+		if($us->passwordAPIExists() === true && $us->getDefaultHashType() !== PASSWORD_E107_PHP && e107::pref('core','password_CHAP')==0)
+		{
+			$message = "It is HIGHLY recommended that you [change your password encoding] to the PHP Default. (Password hashes will be automatically upgraded during user login.)";
+			$srch = array('[',']');
+			$repl = array("<a class='alert-link' href='".e_ADMIN."prefs.php#nav-core-prefs-security'>","</a>");
+			$mes->addWarning(str_replace($srch,$repl,$message));
+		}
+
+	}
 
 
 

e107_admin/prefs.php

@@ -1381,7 +1381,7 @@ $text .= "
 					
 					<tr>
 						<td><label for='passwordencoding'>".PRFLAN_188.":</label></td>
-						<td>
+
 							";
 
 						$pwdEncodeOpts = array();
@@ -1389,17 +1389,19 @@ $text .= "
 						if(function_exists('password_verify')) // ie. php 5.5 or higher
 						{
 							$pwdEncodeOpts[3]	 = "PHP Default (Preferred)";
+
 						}
 
 						$pwdEncodeOpts[1] = PRFLAN_190;
 						$pwdEncodeOpts[0] = PRFLAN_189;
 
+						$text .= (isset($pwdEncodeOpts[3]) && $pref['passwordEncoding']!=3) ? "<td class='has-warning'>" : "<td>";
 						$text .= $frm->select('passwordEncoding', $pwdEncodeOpts,  varset($pref['passwordEncoding'], 0));
 
 				//	$text .= $frm->radio_switch('passwordEncoding', varset($pref['passwordEncoding'], 0), PRFLAN_190, PRFLAN_189);
 
 						$text .= "
-							<div class='smalltext field-help'>".PRFLAN_191."</div>
+							<div class='smalltext field-help'></div>
 						</td>
 					</tr>
 					<tr>";

e107_handlers/user_handler.php

@@ -159,6 +159,26 @@ class UserHandler
 	}
 
 
+	/**
+	 * Return the code for the current default password hash-type
+	 * @return int
+	 */
+	public function getDefaultHashType()
+	{
+		return $this->preferred;
+	}
+
+
+	/**
+	 * Returns true if PHP5.5+ password API is found, otherwise return false.
+	 * @return bool
+	 */
+	public function passwordAPIExists()
+	{
+		return $this->passwordAPI;
+	}
+
+
 	/**
 	 * 	Given plaintext password and login name, generate password string to store in DB
 	 *
@@ -250,10 +270,10 @@ class UserHandler
 
 
 	/**
-	 * If necessary, rehash the user password to the currently set algorythm.
+	 * If necessary, rehash the user password to the currently set algorythm and updated database. .
 	 * @param array $user - user fields. required: user_id, user_loginname, user_password
 	 * @param string $password - plain text password.
-	 * @return bool|int
+	 * @return bool|str returns new password hash on success or false.
 	 */
 	public function rehashPassword($user, $password)
 	{
@@ -265,10 +285,13 @@ class UserHandler
 		}
 
 		$sql = e107::getDb();
+
+		$newPasswordHash = $this->HashPassword($password, $user['user_loginname']);
+
 		$update = array(
 
 			'data' => array(
-				'user_password' => $this->HashPassword($password, $user['user_loginname']),
+				'user_password' => $newPasswordHash,
 
 			),
 			'WHERE' => "user_id = ".intval($user['user_id'])." LIMIT 1",
@@ -276,10 +299,12 @@ class UserHandler
 
 		);
 
+		if($sql->update('user', $update)!==false)
+		{
+			return $newPasswordHash;
+		}
 
-
-
-		return $sql->update('user', $update);
+		return false;
 
 	}
 
@@ -366,12 +391,9 @@ class UserHandler
 
 			return $rawPassword;
 		}
-		else
-		{
-			return false;
-		}
 
 
+		return false;
 
 	}
 
@@ -652,6 +674,10 @@ class UserHandler
 				$_COOKIE[e107::getPref('cookie_name')] = $cookieval; // make it available to the global scope before the page is reloaded
 			}
 		}
+
+
+	//	echo "Debug: making cookie: ".$cookieval ." from ".print_a($lode,true);
+	//	exit;
 	}