aboutsummaryrefslogtreecommitdiff
path: root/engine
diff options
context:
space:
mode:
authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-06-26 12:00:44 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-06-26 12:00:44 +0000
commit85aa957de8319e6c2ca6fc39190bb7fd2c5e602d (patch)
treec96028afa0d1e9b099342d580d6dc11a7a0b6b0f /engine
parent27e6aeae6cc813ef7f0dadd67f3002871bce3356 (diff)
downloadelgg-85aa957de8319e6c2ca6fc39190bb7fd2c5e602d.tar.gz
elgg-85aa957de8319e6c2ca6fc39190bb7fd2c5e602d.tar.bz2
Fixes #91 and #97
git-svn-id: https://code.elgg.org/elgg/trunk@1143 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine')
-rw-r--r--engine/lib/sessions.php4
-rw-r--r--engine/lib/users.php21
2 files changed, 21 insertions, 4 deletions
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index ae7bd8ac5..3116f500d 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -72,10 +72,10 @@
{
if (is_array($credentials) && ($credentials['username']) && ($credentials['password']))
{
- $dbpassword = md5($credentials['password']);
+ //$dbpassword = md5($credentials['password']);
if ($user = get_user_by_username($credentials['username'])) {
- if ($user->password == $dbpassword) {
+ if ($user->password == generate_user_password($user, $credentials['password'])) {
return true;
}
}
diff --git a/engine/lib/users.php b/engine/lib/users.php
index c0c43cb2f..b3ed4be55 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -811,6 +811,19 @@
return $valid;
}
+
+ /**
+ * Generate a password for a user, currently uses MD5.
+ *
+ * Later may introduce salting etc.
+ *
+ * @param ElggUser $user The user this is being generated for.
+ * @param string $password Password in clear text
+ */
+ function generate_user_password(ElggUser $user, $password)
+ {
+ return md5($password);
+ }
/**
* Registers a user, returning false if the username already exists
@@ -846,10 +859,10 @@
// Otherwise ...
$user = new ElggUser();
$user->username = $username;
- $user->password = md5($password);
$user->email = $email;
$user->name = $name;
- $user->access_id = 2;
+ $user->access_id = 2;
+ $user->password = generate_user_password($user, $password);
$user->save();
if (!$admin) {
@@ -906,6 +919,10 @@
extend_elgg_settings_page('user/settings/name', 'usersettings/user', 1);
register_action("user/name");
+ // User password change
+ extend_elgg_settings_page('user/settings/password', 'usersettings/user', 1);
+ register_action("user/password");
+
// Add email settings
extend_elgg_settings_page('user/settings/email', 'usersettings/user', 1);
register_action("email/save");