password updates: fix couldnt password user_id 0, now encrypt instead of hash, backwards compatible

zefie_wtvp_minisrv/includes/ServiceVault/wtv-setup/validate-change-password.js

@@ -19,7 +19,7 @@ if (session_data.user_id !== 0 && session_data.user_id !== parseInt(request_head
     data = errpage[1];
 }
 
-if (user_id && !errpage) {
+if (user_id >= 0 && !errpage) {
     headers = `200 OK
 Connection: Keep-Alive
 Content-Type: text/html`

zefie_wtvp_minisrv/includes/classes/WTVClientSessionData.js

@@ -692,10 +692,16 @@ class WTVClientSessionData {
         return CryptoJS.AES.decrypt(crypt, this.cryptoKey).toString(CryptoJS.enc.Utf8);
     }
 
-    encodePassword(passwd) {
+
+    oldDecodePassword(passwd) {
         return CryptoJS.SHA512(passwd).toString(CryptoJS.enc.Base64);
     }
 
+    encodePassword(passwd) {
+        //return CryptoJS.SHA512(passwd).toString(CryptoJS.enc.Base64);
+        return this.encryptPassword(passwd);
+    }
+
     setUserPassword(passwd) {
         this.setSessionData("subscriber_password", this.encodePassword(passwd));
         this.saveSessionData();
@@ -723,7 +729,13 @@ class WTVClientSessionData {
 
     validateUserPassword(passwd) {
         if (!this.getUserPasswordEnabled()) return true; // no password is set so always validate
-        return (this.encodePassword(passwd) === this.getSessionData("subscriber_password"));
+        if (passwd === this.decryptPassword(this.getSessionData("subscriber_password"))) return true; // check against current encryption
+        else if (this.oldDecodePassword(passwd) === this.getSessionData("subscriber_password")) {
+            // if password matches old hash, update to new encryption
+            this.setUserPassword(passwd);
+            return true;
+        }
+        return false;
     }
 
     isUserLoggedIn() {