diff --git a/app/Controllers/Settings/AccountController.php b/app/Controllers/Settings/AccountController.php
index f57877a..05540be 100644
--- a/app/Controllers/Settings/AccountController.php
+++ b/app/Controllers/Settings/AccountController.php
@@ -105,7 +105,7 @@ class AccountController extends Controller
 if (isset($_POST['session']) && session_check()) {
 $email = $_POST['email'] ?? null;
- if ($email) {
+ if ($email !== null && strlen($email) > 0) {
 // Validate e-mail address
 if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
 return $this->json(
@@ -135,7 +135,7 @@ class AccountController extends Controller
 $username = $_POST['username'] ?? null;
- if ($username) {
+ if ($username !== null && strlen($username) > 0) {
 $username_clean = clean_string($username, true);
 // Check if the username is too short
@@ -191,7 +191,6 @@ class AccountController extends Controller
 }
 if ($title !== $user->title) {
- // Update database
 DB::table('users')
 ->where('user_id', $user->id)
 ->update([
diff --git a/app/User.php b/app/User.php
index be0f7b6..a424370 100644
--- a/app/User.php
+++ b/app/User.php
@@ -1010,11 +1010,9 @@ class User
 */
 public function setPassword(string $password): void
 {
- // Create hash
 $this->password = password_hash($password, PASSWORD_BCRYPT);
 $this->passwordChan = time();
- // Update userrow
 DB::table('users')
 ->where('user_id', $this->id)
 ->update([
@@ -1039,7 +1037,19 @@ class User
 */
 public function verifyPassword(string $password): bool
 {
- return password_verify($password, $this->password);
+ $verify = password_verify($password, $this->password);
+
+ if ($verify && password_needs_rehash($this->password, PASSWORD_BCRYPT)) {
+ $this->password = password_hash($password, PASSWORD_BCRYPT);
+
+ DB::table('users')
+ ->where('user_id', $this->id)
+ ->update([
+ 'password' => $this->password,
+ ]);
+ }
+
+ return $verify;
 }
 /**
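Review bot: `strlen($email)` in the new condition of the hunk at line 105 assumes the POST field is a string, but a request that sends `email[]=…` makes `$_POST['email']` an array. The old truthiness test passed such a value on to `filter_var()`, which rejects it as an invalid address, whereas `strlen()` on an array is a TypeError on PHP 8 and a warning on PHP 7. Checking the type keeps the apparent intent (a value such as "0" is no longer skipped) without that failure mode: `if (is_string($email) && $email !== '') {`. The same applies to the `$username` condition in the hunk at line 135. The enclosing method starts and ends outside both hunks, so any earlier normalisation of `$_POST` is not visible here.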
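Review bot: The hash algorithm is now spelled out in three separate calls with no options array, `password_hash` in setPassword plus `password_needs_rehash` and `password_hash` in verifyPassword. If a cost is later added to one call and not the others, this branch would either rehash on every successful login or never upgrade a stored hash. A single class constant shared by all three keeps them in step, for example `private const PASSWORD_ALGO = PASSWORD_BCRYPT;` together with a shared options array. verifyPassword also gains a database write; its docblock, which starts above the hunk, should say so, and a one-line comment should record that `passwordChan` is left untouched on rehash, if that is the intent, because the password itself has not changed.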