From 8443350604f1f8f0231faa19d4dea13934758367 Mon Sep 17 00:00:00 2001
From: FusionPBX
Date: Fri, 6 Mar 2020 01:09:12 -0700
Subject: [PATCH] Update database.php
---
 .../resources/classes/plugins/database.php | 72 ++++++++++++++-----
 1 file changed, 56 insertions(+), 16 deletions(-)
diff --git a/core/authentication/resources/classes/plugins/database.php b/core/authentication/resources/classes/plugins/database.php
index 97c4260915..ceb6405596 100644
--- a/core/authentication/resources/classes/plugins/database.php
+++ b/core/authentication/resources/classes/plugins/database.php
@@ -39,7 +39,7 @@ class plugin_database {
 $sql .= "where lower(username) = lower(:username) ";
 $parameters['username'] = $this->username;
 }
- if ($_SESSION["users"]["unique"]["text"] == "global") {
+ if ($_SESSION["users"]["unique"]["text"] === "global") {
 //unique username - global (example: email address)
 }
 else {
@@ -50,10 +50,10 @@ class plugin_database {
 $sql .= "and (user_enabled = 'true' or user_enabled is null) ";
 $database = new database;
 $row = $database->select($sql, $parameters, 'row');
- if (is_array($row) && @sizeof($row) != 0) {
+ if (is_array($row) && @sizeof($row) !== 0) {
 //get the domain uuid when users are unique globally
- if ($_SESSION["users"]["unique"]["text"] == "global" && $row["domain_uuid"] != $this->domain_uuid) {
+ if ($_SESSION["users"]["unique"]["text"] === "global" && $row["domain_uuid"] !== $this->domain_uuid) {
 //set the domain_uuid
 $this->domain_uuid = $row["domain_uuid"];
 $this->domain_name = $_SESSION['domains'][$this->domain_uuid]['domain_name'];
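Review bot: The `@` in the new `if (is_array($row) && @sizeof($row) !== 0) {` is dead once `is_array($row)` short-circuits the non-array case, and suppression on an authentication path only makes the next regression quieter; `if (is_array($row) && count($row) !== 0) {` says the same thing without it. The switch to `!==` on `$row["domain_uuid"]` versus `$this->domain_uuid` is only equivalent to the old `!=` when both are strings, which the hunk does not show — worth confirming that `$this->domain_uuid` cannot be null at this point. The enclosing method starts before and continues after this hunk.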
@@ -72,24 +72,64 @@ class plugin_database {
 $this->user_uuid = $row['user_uuid'];
 $this->contact_uuid = $row['contact_uuid'];
- //if salt is not defined then use the default salt for backwards compatibility
- if (strlen($row["salt"]) == 0) {
- $row["salt"] = 'e3.7d.12';
+ //validate the password
+ $valid_password = false;
+ if (isset($this->key) && strlen($this->key) > 30 && $this->key === $row["api_key"]) {
+ $valid_password = true;
 }
-
- //compare the password provided by the user with the one in the database
- if (md5($row["salt"].$this->password) == $row["password"]) {
- $user_authorized = true;
- }
- else if (strlen($this->key) > 30 && $this->key == $row["api_key"]) {
- $user_authorized = true;
+ else if (substr($row["password"], 0, 1) === '$') {
+ if (isset($this->password) && strlen($this->password) > 0) {
+ if (password_verify($this->password, $row["password"])) {
+ $valid_password = true;
+ }
+ }
 }
 else {
- $user_authorized = false;
+ //deprecated - compare the password provided by the user with the one in the database
+ if (md5($row["salt"].$this->password) === $row["password"]) {
+ $row["password"] = crypt($this->password, '$1$'.$password_salt.'$');
+ $valid_password = true;
+ }
+ }
+
+ //check to to see if the the password hash needs to be updated
+ if ($valid_password) {
+ //set the password hash cost
+ $options = array('cost' => 10);
+
+ //check if a newer hashing algorithm is available or the cost has changed
+ if (password_needs_rehash($row["password"], PASSWORD_DEFAULT, $options)) {
+
+ //build user insert array
+ $array['users'][0]['user_uuid'] = $this->user_uuid;
+ $array['users'][0]['domain_uuid'] = $this->domain_uuid;
+ $array['users'][0]['password'] = password_hash($this->password, PASSWORD_DEFAULT, $options);
+ $array['users'][0]['salt'] = null;
+
+ //build user group insert array
+ $array['user_groups'][0]['user_group_uuid'] = uuid();
+ $array['user_groups'][0]['domain_uuid'] = $this->domain_uuid;
+ $array['user_groups'][0]['group_name'] =
'user';
+ $array['user_groups'][0]['user_uuid'] = $this->user_uuid;
+
+ //grant temporary permissions
+ $p = new permissions;
+ $p->add('user_edit', 'temp');
+
+ //execute insert
+ $database = new database;
+ $database->app_name = 'authentication';
+ $database->app_uuid = 'a8a12918-69a4-4ece-a1ae-3932be0e41f1';
+ $database->save($array);
+ unset($array);
+
+ //revoke temporary permissions
+ $p->delete('user_edit', 'temp');
+
+ }
 }
 }
- unset($result);
 //result array
 $result["plugin"] = "database";
@@ -102,7 +142,7 @@ class plugin_database {
 $result["domain_uuid"] = $this->domain_uuid;
 $result["contact_uuid"] = $this->contact_uuid;
 $result["sql"] = $sql;
- if ($user_authorized) {
+ if ($valid_password) {
 $result["authorized"] = "true";
 }
 else {
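Review bot: The hash-migration block at `if ($valid_password)` also runs after the API-key branch, where `$this->password` was never verified and may be unset, so an API-key login against a legacy md5 account (no `$` prefix) makes `password_needs_rehash()` return true and overwrites the stored password with `password_hash()` of a null or empty value. The legacy branch additionally passes an undefined `$password_salt` to `crypt()` only to coax `password_needs_rehash()` into returning true; a separate `$password_verified` flag that forces migration of non-`$` hashes removes both problems, as sketched below. The removed lines applied the default salt `'e3.7d.12'` when `$row["salt"]` was empty and nothing in the new code replaces it, so if such accounts still exist they can no longer log in through the md5 path — worth confirming against the data before merging. The `$p->add('user_edit', 'temp')` / `$p->delete('user_edit', 'temp')` pair has no try/finally, so if `$database->save($array)` throws, the temporary permission presumably stays granted. The enclosing method begins before this hunk and continues after it.
```php
//validate the password
$valid_password = false;
$password_verified = false;
if (isset($this->key) && strlen($this->key) > 30 && $this->key === $row["api_key"]) {
    $valid_password = true;
}
else if (substr($row["password"], 0, 1) === '$') {
    if (isset($this->password) && strlen($this->password) > 0 && password_verify($this->password, $row["password"])) {
        $valid_password = true;
        $password_verified = true;
    }
}
else if (isset($this->password) && strlen($this->password) > 0) {
    //deprecated - legacy md5 hash; a matching password is always migrated below
    if (md5($row["salt"].$this->password) === $row["password"]) {
        $valid_password = true;
        $password_verified = true;
    }
}

//migrate the stored hash only when the submitted password itself was verified
if ($password_verified) {
    $options = array('cost' => 10);
    $legacy_hash = substr($row["password"], 0, 1) !== '$';
    if ($legacy_hash || password_needs_rehash($row["password"], PASSWORD_DEFAULT, $options)) {
        // … unchanged: build $array, grant temporary permission, $database->save($array), revoke permission …
    }
}
```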
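Review bot: `if ($valid_password) {` reads a variable that the new code only assigns inside the `if (is_array($row) && @sizeof($row) !== 0)` block of the -50 hunk, so when the select returns no row this line evaluates an undefined variable — a warning, with the "not authorized" outcome holding only because null is falsy — unless it is initialised earlier in the method outside the visible hunks. Moving `$valid_password = false;` to just before that `is_array` check makes the default explicit; the removed `$user_authorized` appears to have had the same gap. The enclosing method continues outside this hunk.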