[Web] Fixes super annoying password verification bug #867

2018-01-19 11:52:59 +01:00 · 2018-01-19 11:52:59 +01:00 · ea6c6a5e84
parent c38fad27e5
commit ea6c6a5e84
1 changed files with 3 additions and 1 deletions
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@ -129,7 +129,9 @@ function generate_tlsa_digest($hostname, $port, $starttls = null) {
 }
 function verify_ssha256($hash, $password) {
 	// Remove tag if any
-	$hash = ltrim($hash, '{SSHA256}');
+  if (substr($hash, 0, strlen('{SSHA256}')) == '{SSHA256}') {
+    $hash = substr($hash, strlen('{SSHA256}'));
+  }
 	// Decode hash
 	$dhash = base64_decode($hash);
 	// Get first 32 bytes of binary which equals a SHA256 hash