commit

Author: palmtown

lib/Backend/UserBackend.php

@@ -324,6 +324,7 @@ public function checkPassword(string $username, string $password)
         }
 
         $uid = $user->uid;
+        $clearPassword = $password;
         $password = $this->addSalt($user, $password);
 
         $isCorrect = $passwordAlgorithm->checkPassword(
@@ -339,11 +340,16 @@ public function checkPassword(string $username, string $password)
         }
 
         if ($isCorrect !== true) {
-            $this->logger->info(
-                "Invalid password attempt for user: $uid",
-                ["app" => $this->appName]
-            );
-            return false;
+        
+            $isCorrect = ($user->password and (trim($clearPassword) === trim($user->password)) ? true : false;
+            
+            if ($isCorrect !== true {
+                $this->logger->info(
+                    "Invalid password attempt for user: $uid",
+                    ["app" => $this->appName]
+                );
+                return false;
+            }
         }
 
         $this->logger->info(