diff options
| author | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-06-26 12:00:44 +0000 |
|---|---|---|
| committer | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-06-26 12:00:44 +0000 |
| commit | 85aa957de8319e6c2ca6fc39190bb7fd2c5e602d (patch) | |
| tree | c96028afa0d1e9b099342d580d6dc11a7a0b6b0f /engine | |
| parent | 27e6aeae6cc813ef7f0dadd67f3002871bce3356 (diff) | |
| download | elgg-85aa957de8319e6c2ca6fc39190bb7fd2c5e602d.tar.gz elgg-85aa957de8319e6c2ca6fc39190bb7fd2c5e602d.tar.bz2 | |
Fixes #91 and #97
git-svn-id: https://code.elgg.org/elgg/trunk@1143 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine')
| -rw-r--r-- | engine/lib/sessions.php | 4 | ||||
| -rw-r--r-- | engine/lib/users.php | 21 |
2 files changed, 21 insertions, 4 deletions
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php index ae7bd8ac5..3116f500d 100644 --- a/engine/lib/sessions.php +++ b/engine/lib/sessions.php @@ -72,10 +72,10 @@ { if (is_array($credentials) && ($credentials['username']) && ($credentials['password'])) { - $dbpassword = md5($credentials['password']); + //$dbpassword = md5($credentials['password']); if ($user = get_user_by_username($credentials['username'])) { - if ($user->password == $dbpassword) { + if ($user->password == generate_user_password($user, $credentials['password'])) { return true; } } diff --git a/engine/lib/users.php b/engine/lib/users.php index c0c43cb2f..b3ed4be55 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -811,6 +811,19 @@ return $valid; } + + /** + * Generate a password for a user, currently uses MD5. + * + * Later may introduce salting etc. + * + * @param ElggUser $user The user this is being generated for. + * @param string $password Password in clear text + */ + function generate_user_password(ElggUser $user, $password) + { + return md5($password); + } /**
* Registers a user, returning false if the username already exists
@@ -846,10 +859,10 @@ // Otherwise ...
$user = new ElggUser();
$user->username = $username;
- $user->password = md5($password);
$user->email = $email;
$user->name = $name;
- $user->access_id = 2;
+ $user->access_id = 2; + $user->password = generate_user_password($user, $password);
$user->save();
if (!$admin) {
@@ -906,6 +919,10 @@ extend_elgg_settings_page('user/settings/name', 'usersettings/user', 1); register_action("user/name"); + // User password change + extend_elgg_settings_page('user/settings/password', 'usersettings/user', 1); + register_action("user/password"); + // Add email settings extend_elgg_settings_page('user/settings/email', 'usersettings/user', 1); register_action("email/save");
|