diff options
| author | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-08-04 10:59:16 +0000 |
|---|---|---|
| committer | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-08-04 10:59:16 +0000 |
| commit | b4ee69ed8d1656c6b70ba74d4e9542caac9d55c1 (patch) | |
| tree | febb2c0dc84d3147ed97fb537ad7be03f50f2ef6 /engine/lib/sessions.php | |
| parent | ceebe108fecc1083be435313c4c3f4fa284e7175 (diff) | |
| download | elgg-b4ee69ed8d1656c6b70ba74d4e9542caac9d55c1.tar.gz elgg-b4ee69ed8d1656c6b70ba74d4e9542caac9d55c1.tar.bz2 | |
Closes #193: Added salt field to database and new users will be generated with salted passwords.
Existing users remain unchanged and should still be able to log in.
Requires a schema change and the following code run against the database:
alter table elggusers_entity add column salt varchar(8) NOT NULL default '' after password;
git-svn-id: https://code.elgg.org/elgg/trunk@1676 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib/sessions.php')
| -rw-r--r-- | engine/lib/sessions.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php index a47415d64..279beb107 100644 --- a/engine/lib/sessions.php +++ b/engine/lib/sessions.php @@ -80,7 +80,7 @@ // Let admins log in without validating their email, but normal users must have validated their email if ((!$user->admin) && (!$user->validated_email)) return false; - + if ($user->password == generate_user_password($user, $credentials['password'])) { return true; } @@ -102,7 +102,7 @@ function login(ElggUser $user, $persistent = false) {
global $CONFIG;
-
+
$_SESSION['user'] = $user;
$_SESSION['guid'] = $user->getGUID();
$_SESSION['id'] = $_SESSION['guid'];
|