From ea6c6a5e84cb261593b29a3a4d4b1498b6879b2b Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Fri, 19 Jan 2018 11:52:59 +0100
Subject: [PATCH] [Web] Fixes super annoying password verification bug #867

---
 data/web/inc/functions.inc.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 20d82a92..b19792e2 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -129,7 +129,9 @@ function generate_tlsa_digest($hostname, $port, $starttls = null) {
 }
 function verify_ssha256($hash, $password) {
 	// Remove tag if any
-	$hash = ltrim($hash, '{SSHA256}');
+  if (substr($hash, 0, strlen('{SSHA256}')) == '{SSHA256}') {
+    $hash = substr($hash, strlen('{SSHA256}'));
+  }
 	// Decode hash
 	$dhash = base64_decode($hash);
 	// Get first 32 bytes of binary which equals a SHA256 hash