public static bool PasswordMatches(this Account account, string password) { if (account.PasswordSalt == "use bcrypt") // Account password is using bcrypt { if (Common.ConfigManager.Config.Server.Accounts.ForceWorkFactorMigration && (BCryptProvider.GetPasswordWorkFactor(account.PasswordHash) != Common.ConfigManager.Config.Server.Accounts.PasswordHashWorkFactor)) // Upgrade (or downgrade) Password workfactor if not the same as config specifies, ForceWorkFactorMigration is TRUE and Password Matches { if (BCryptProvider.Verify(password, account.PasswordHash)) { account.SetPassword(password); account.SetSaltForBCrypt(); DatabaseManager.Authentication.UpdateAccount(account); return(true); } else { return(false); } } else { return(BCryptProvider.Verify(password, account.PasswordHash)); } } else // Account password is using SHA512 salt { log.Debug($"{account.AccountName} password verified using SHA512 hash/salt, migrating to bcrypt."); var input = GetPasswordHash(account, password); if (input == account.PasswordHash) // If password matches, migrate to bcrypt { account.SetPassword(password); account.SetSaltForBCrypt(); DatabaseManager.Authentication.UpdateAccount(account); return(true); } else { return(false); } } }