Replace DB::isValidOldPassword() with Rhymix's own implementation

2026-01-05 09:41:40 +09:00 · 2020-07-06 11:51:04 +09:00 · 2020-07-06 11:51:04 +09:00 · d2f24dcd12
commit d2f24dcd12
parent 77ab5cf870
1 changed files with 7 additions and 13 deletions
--- a/common/framework/db.php
+++ b/common/framework/db.php
@ -614,22 +614,16 @@ class DB
 	 */
 	public function isValidOldPassword(string $password, string $saved_password): bool
 	{
-		$stmt = $this->_handle->prepare('SELECT' . ' ' . 'PASSWORD(?) AS pw1, OLD_PASSWORD(?) AS pw2');
-		$stmt->execute([$password, $password]);
-		$result = $this->_fetch($stmt);
-		if ($this->isError() || !$result)
+		if ($saved_password && substr($saved_password, 0, 1) === '*')
 		{
-			return false;
+			return Password::checkPassword($password, $saved_password, 'mysql_new_password');
+		}
+		if ($saved_password && strlen($saved_password) === 16)
+		{
+			return Password::checkPassword($password, $saved_password, 'mysql_old_password');
 		}
 		
-		if ($result->pw1 === $saved_password || $result->pw2 === $saved_password)
-		{
-			return true;
-		}
-		else
-		{
-			return false;
-		}
+		return false;
 	}
 	
 	/**