From 476e57b04646416e24e24c56133c9fadf9e52b95 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite
Date: Mon, 15 Dec 2025 22:06:05 +0100
Subject: Reverse hash and nonce (#8320)

Safer password evaluation
---
 app/Models/FormAuth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'app/Models/FormAuth.php')
diff --git a/app/Models/FormAuth.php b/app/Models/FormAuth.php
index 8943fa7f5..a6431aa8e 100644
--- a/app/Models/FormAuth.php
+++ b/app/Models/FormAuth.php
@@ -11,7 +11,7 @@ class FreshRSS_FormAuth {
 return false;
 }
- return password_verify($nonce . $hash, $challenge);
+ return password_verify($hash . $nonce, $challenge);
 }
 /** @return list */
-- 
cgit v1.2.3
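Review bot: The new operand order on the `password_verify($hash . $nonce, $challenge)` line has no comment saying why it matters, so a later cleanup could swap it back unnoticed. If `$challenge` is a bcrypt string (not visible in this hunk), only the first 72 bytes of the first argument are hashed: with the nonce in front, a long nonce pushes most of `$hash` out of the comparison, while with the hash in front only the leading bytes of `$nonce` still count. I would add `// bcrypt reads only the first 72 bytes: keep $hash first so all of it is checked; only the start of $nonce contributes` above the return. It is also worth confirming that the code computing the challenge concatenates in the same order, and that `strlen($hash)` stays well under 72 so the nonce is never dropped entirely. The function starts above the hunk, so the existing validation of these values is only partly visible here.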