From 0374a03892628051ac5804df35917027b24cc05e Mon Sep 17 00:00:00 2001
From: tokumeikoi
Date: Tue, 14 Sep 2021 13:10:29 +0900
Subject: [PATCH] update: support md5 with sha256
---
 app/Http/Controllers/Passport/AuthController.php | 1 +
 app/Http/Controllers/User/UserController.php | 1 +
 app/Utils/Helper.php | 4 ++--
 database/install.sql | 3 ++-
 database/update.sql | 2 ++
 5 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/app/Http/Controllers/Passport/AuthController.php b/app/Http/Controllers/Passport/AuthController.php
index 15a3ed47..506c307d 100644
--- a/app/Http/Controllers/Passport/AuthController.php
+++ b/app/Http/Controllers/Passport/AuthController.php
@@ -125,6 +125,7 @@ class AuthController extends Controller
 }
 if (!Helper::multiPasswordVerify(
 $user->password_algo,
+ $user->password_salt,
 $password,
 $user->password)
 ) {
diff --git a/app/Http/Controllers/User/UserController.php b/app/Http/Controllers/User/UserController.php
index fb974b16..b390e61b 100755
--- a/app/Http/Controllers/User/UserController.php
+++ b/app/Http/Controllers/User/UserController.php
@@ -35,6 +35,7 @@ class UserController extends Controller
 }
 if (!Helper::multiPasswordVerify(
 $user->password_algo,
+ $user->password_salt,
 $request->input('old_password'),
 $user->password)
 ) {
diff --git a/app/Utils/Helper.php b/app/Utils/Helper.php
index 569516ce..214da102 100644
--- a/app/Utils/Helper.php
+++ b/app/Utils/Helper.php
@@ -64,12 +64,12 @@ class Helper
 return $str;
 }
- public static function multiPasswordVerify($algo, $password, $hash)
+ public static function multiPasswordVerify($algo, $salt, $password, $hash)
 {
 switch($algo) {
 case 'md5': return md5($password) === $hash;
 case 'sha256': return hash('sha256', $password) === $hash;
- case 'mws': return md5(hash('sha256', $password)) === $hash;
+ case 'mws': return md5($password . $salt) === $hash;
 default: return password_verify($password, $hash);
 }
 }
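Review bot: In the login check in app/Http/Controllers/Passport/AuthController.php (and the old-password check in app/Http/Controllers/User/UserController.php), a successful match against a legacy algorithm should be followed by re-hashing with `password_hash()` and clearing `password_algo` and `password_salt`, so MD5-derived hashes do not stay in `v2_user` indefinitely. Neither hunk shows this, but both enclosing methods continue outside the hunk, so it may already happen further down. If it does not, `$user->password = password_hash($password, PASSWORD_DEFAULT); $user->password_algo = null; $user->password_salt = null;` followed by a save after the verify would cover it.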
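Review bot: In `Helper::multiPasswordVerify` (app/Utils/Helper.php) the rewritten `mws` branch checks a single-round salted MD5 with `===`, and because `password_salt` is declared `DEFAULT NULL` a row without a salt silently degrades to plain `md5($password)`. A constant-time comparison is the minimum change: `case 'mws': return hash_equals((string) $hash, md5($password . $salt));`, and the same applies to the `md5` and `sha256` branches on the context lines. The branch also no longer accepts the earlier `md5(hash('sha256', $password))` form, so any account already stored under `mws` would stop verifying; if such rows can exist, the new scheme needs its own algo label. Inserting `$salt` as the second positional parameter means any caller not updated by this commit would pass the password as the salt, so a search for remaining call sites is worth doing.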
diff --git a/database/install.sql b/database/install.sql
index 302e9eea..48449bbc 100644
--- a/database/install.sql
+++ b/database/install.sql
@@ -323,6 +323,7 @@ CREATE TABLE `v2_user` (
 `email` varchar(64) NOT NULL,
 `password` varchar(64) NOT NULL,
 `password_algo` char(10) DEFAULT NULL,
+ `password_salt` char(10) DEFAULT NULL,
 `balance` int(11) NOT NULL DEFAULT '0',
 `discount` int(11) DEFAULT NULL,
 `commission_type` tinyint(4) NOT NULL DEFAULT '0' COMMENT '0: system 1: cycle 2: onetime',
@@ -352,4 +353,4 @@ CREATE TABLE `v2_user` (
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--- 2021-08-28 06:53:57
+-- 2021-09-14 04:09:49
diff --git a/database/update.sql b/database/update.sql
index e03b4a5b..78302f8a 100644
--- a/database/update.sql
+++ b/database/update.sql
@@ -439,3 +439,5 @@ ALTER TABLE `v2_ticket_message`
 ALTER TABLE `v2_coupon`
 ADD `limit_use_with_user` int(11) NULL AFTER `limit_use`;
+ALTER TABLE `v2_user`
+ ADD `password_salt` char(10) COLLATE 'utf8_general_ci' NULL AFTER `password_algo`;
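Review bot: `password_salt` is added as `char(10)` in the `v2_user` definition in database/install.sql and again in database/update.sql, which caps the salt at ten characters. A longer salt imported from another system would be truncated (or rejected under strict SQL mode), and `md5($password . $salt)` in `Helper::multiPasswordVerify` would then never match for that account. If the source system's salt length is not guaranteed to fit, a wider type such as `varchar(64) DEFAULT NULL` is safer. A column `COMMENT` stating that the salt is read only for the legacy `mws` algorithm would also help the next maintainer.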