-rw-r--r--actions/user/name.php2
-rw-r--r--actions/user/password.php51
-rw-r--r--engine/lib/sessions.php4
-rw-r--r--engine/lib/users.php21
-rw-r--r--languages/en.php10
-rw-r--r--views/default/user/settings/password.php33
6 files changed, 115 insertions, 6 deletions
diff --git a/actions/user/name.php b/actions/user/name.php
index 8ecfa856d..bbeed85ec 100644
--- a/actions/user/name.php
+++ b/actions/user/name.php
@@ -24,7 +24,7 @@
else
$user = get_entity($user_id);
- if ($user)
+ if (($user) && ($name))
{
$user->name = $name;
if ($user->save())
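Review bot: `($name)` on the changed line is a truthiness test, so a name of `"0"` is rejected while a whitespace-only name is still accepted. An explicit check such as `if (($user) && (trim($name) != ""))` states the intent directly. The surrounding if/else starts and ends outside this hunk.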
diff --git a/actions/user/password.php b/actions/user/password.php
new file mode 100644
index 000000000..4c7ceb65c
--- /dev/null
+++ b/actions/user/password.php
@@ -0,0 +1,51 @@
+<?php
+ /**
+ * Action for changing a user's password
+ *
+ * @package Elgg
+ * @subpackage Core
+ * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+ * @author Marcus Povey
+ * @copyright Curverider Ltd 2008
+ * @link http://elgg.org/
+ */
+
+ require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
+ global $CONFIG;
+
+ gatekeeper();
+
+ $password = get_input('password');
+ $password2 = get_input('password2');
+ $user_id = get_input('guid');
+ $user = "";
+
+ if (!$user_id)
+ $user = $_SESSION['user'];
+ else
+ $user = get_entity($user_id);
+
+ if (($user) && ($password!=""))
+ {
+ if (strlen($password)>=4)
+ {
+ if ($password == $password2)
+ {
+ $user->password = generate_user_password($user, $password);
+ if ($user->save())
+ system_message(elgg_echo('user:password:success'));
+ else
+ system_message(elgg_echo('user:password:fail'));
+ }
+ else
+ system_message(elgg_echo('user:password:fail:notsame'));
+ }
+ else
+ system_message(elgg_echo('user:password:fail:tooshort'));
+ }
+ else
+ system_message(elgg_echo('user:password:fail'));
+
+ forward($_SERVER['HTTP_REFERER']);
+ exit;
+?> \ No newline at end of file
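Review bot: The account whose password is changed is chosen from the request parameter `guid` (`$user = get_entity($user_id);`), and the only gate visible in this file is `gatekeeper()`; nothing here checks that the loaded entity is an ElggUser or that it is the logged-in account. Unless `save()` enforces write access (not visible in this diff), the guard should be tightened, e.g. `if (($user instanceof ElggUser) && ($user->guid == $_SESSION['user']->guid) && ($password!=""))`, with a separate, explicit branch for administrators if they are meant to reset other accounts. The action also never asks for the current password, so it is worth requiring and verifying it before `generate_user_password()` is called. The context lines of the actions/user/name.php hunk show the same `guid` lookup. Separately, `forward($_SERVER['HTTP_REFERER'])` redirects to a client-supplied header; forwarding to a fixed settings URL avoids that.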
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index ae7bd8ac5..3116f500d 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -72,10 +72,10 @@
{
if (is_array($credentials) && ($credentials['username']) && ($credentials['password']))
{
- $dbpassword = md5($credentials['password']);
+ //$dbpassword = md5($credentials['password']);
if ($user = get_user_by_username($credentials['username'])) {
- if ($user->password == $dbpassword) {
+ if ($user->password == generate_user_password($user, $credentials['password'])) {
return true;
}
}
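Review bot: The new comparison `$user->password == generate_user_password($user, $credentials['password'])` uses loose equality on two hex digests, and PHP compares numeric-looking strings (for example ones of the form `0e` followed only by digits) as numbers, so two different digests can compare equal. Use strict comparison, `if ($user->password === generate_user_password($user, $credentials['password'])) {`, or a constant-time string comparison where the PHP version offers one. The commented-out `//$dbpassword = md5(...)` line can be deleted rather than kept. The enclosing function starts and ends outside this hunk.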
diff --git a/engine/lib/users.php b/engine/lib/users.php
index c0c43cb2f..b3ed4be55 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -811,6 +811,19 @@
return $valid;
}
+
+ /**
+ * Generate a password for a user, currently uses MD5.
+ *
+ * Later may introduce salting etc.
+ *
+ * @param ElggUser $user The user this is being generated for.
+ * @param string $password Password in clear text
+ */
+ function generate_user_password(ElggUser $user, $password)
+ {
+ return md5($password);
+ }
/**
* Registers a user, returning false if the username already exists
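Review bot: `generate_user_password()` returns a bare `md5($password)` and ignores its `$user` argument, so identical passwords produce identical stored values and the digest is cheap to compute in bulk if the user table is ever disclosed. Since every caller now goes through this helper, this is the place to derive the stored value from a per-user random salt kept with the account and a deliberately slow password-hashing function; the `$user` parameter already gives the hook for the salt. Note that sessions.php verifies by recomputing and comparing, which only works while the derivation is deterministic for a given user, so a scheme with an embedded random salt would need a dedicated verify helper. The docblock also lacks a return tag, e.g. `@return string Value to store in $user->password`.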
@@ -846,10 +859,10 @@
// Otherwise ...
$user = new ElggUser();
$user->username = $username;
- $user->password = md5($password);
$user->email = $email;
$user->name = $name;
- $user->access_id = 2;
+ $user->access_id = 2;
+ $user->password = generate_user_password($user, $password);
$user->save();
if (!$admin) {
@@ -906,6 +919,10 @@
extend_elgg_settings_page('user/settings/name', 'usersettings/user', 1);
register_action("user/name");
+ // User password change
+ extend_elgg_settings_page('user/settings/password', 'usersettings/user', 1);
+ register_action("user/password");
+
// Add email settings
extend_elgg_settings_page('user/settings/email', 'usersettings/user', 1);
register_action("email/save");
diff --git a/languages/en.php b/languages/en.php
index 22c2c280f..d073ace1a 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -242,7 +242,15 @@
'user:set:name' => "Account name settings",
'user:name:label' => "Your name",
'user:name:success' => "Successfully changed your name on the system.",
- 'user:name:fail' => "Could not change your name on the system.",
+ 'user:name:fail' => "Could not change your name on the system.",
+
+ 'user:set:password' => "Account password",
+ 'user:password:label' => "Your new password",
+ 'user:password2:label' => "Your new password again",
+ 'user:password:success' => "Password changed",
+ 'user:password:fail' => "Could not change your password on the system.",
+ 'user:password:fail:notsame' => "The two passwords are not the same!",
+ 'user:password:fail:tooshort' => "Password is too short!",
/**
* Administration
diff --git a/views/default/user/settings/password.php b/views/default/user/settings/password.php
new file mode 100644
index 000000000..27b48e63d
--- /dev/null
+++ b/views/default/user/settings/password.php
@@ -0,0 +1,33 @@
+<?php
+ /**
+ * Provide a way of setting your password
+ *
+ * @package Elgg
+ * @subpackage Core
+ * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+ * @author Marcus Povey
+ * @copyright Curverider Ltd 2008
+ * @link http://elgg.org/
+ */
+
+ $user = $_SESSION['user'];
+
+ if ($user) {
+?>
+ <h2><?php echo elgg_echo('user:set:password'); ?></h2>
+ <form action="<?php echo $vars['url']; ?>action/user/password" method="post">
+ <p>
+ <?php echo elgg_echo('user:password:label'); ?> : <input type="password" name="password" value="" />
+ <?php echo elgg_echo('user:password2:label'); ?> : <input type="password" name="password2" value="" />
+ </p>
+
+ <p>
+ <input type="submit" value="<?php
+
+ echo elgg_echo('save');
+
+ ?>" />
+ </p>
+ </form>
+
+<?php } ?> \ No newline at end of file
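Review bot: The form posts to `action/user/password` without any anti-forgery token, and the action added in this commit does not check one, so the server cannot tell a submission from this page apart from a request triggered by another site in the logged-in user's browser. Add a hidden field carrying a per-session token and verify it in the action before any change is made. The form also has no field for the current password; something like `<input type="password" name="current_password" value="" />` (field name constructed for illustration), checked server-side, would limit what a hijacked or unattended session can do. `$vars['url']` is echoed into the `action` attribute unescaped, which is fine only as long as it always comes from site configuration.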