-rw-r--r-- | actions/user/name.php | 2 | ||||
-rw-r--r-- | actions/user/password.php | 51 | ||||
-rw-r--r-- | engine/lib/sessions.php | 4 | ||||
-rw-r--r-- | engine/lib/users.php | 21 | ||||
-rw-r--r-- | languages/en.php | 10 | ||||
-rw-r--r-- | views/default/user/settings/password.php | 33 |
6 files changed, 115 insertions, 6 deletions
diff --git a/actions/user/name.php b/actions/user/name.php index 8ecfa856d..bbeed85ec 100644 --- a/actions/user/name.php +++ b/actions/user/name.php @@ -24,7 +24,7 @@ else $user = get_entity($user_id); - if ($user) + if (($user) && ($name)) { $user->name = $name; if ($user->save()) diff --git a/actions/user/password.php b/actions/user/password.php new file mode 100644 index 000000000..4c7ceb65c --- /dev/null +++ b/actions/user/password.php @@ -0,0 +1,51 @@ +<?php + /** + * Action for changing a user's password + * + * @package Elgg + * @subpackage Core + * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2 + * @author Marcus Povey + * @copyright Curverider Ltd 2008 + * @link http://elgg.org/ + */ + + require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php"); + global $CONFIG; + + gatekeeper(); + + $password = get_input('password'); + $password2 = get_input('password2'); + $user_id = get_input('guid'); + $user = ""; + + if (!$user_id) + $user = $_SESSION['user']; + else + $user = get_entity($user_id); + + if (($user) && ($password!="")) + { + if (strlen($password)>=4) + { + if ($password == $password2) + { + $user->password = generate_user_password($user, $password); + if ($user->save()) + system_message(elgg_echo('user:password:success')); + else + system_message(elgg_echo('user:password:fail')); + } + else + system_message(elgg_echo('user:password:fail:notsame')); + } + else + system_message(elgg_echo('user:password:fail:tooshort')); + } + else + system_message(elgg_echo('user:password:fail')); + + forward($_SERVER['HTTP_REFERER']); + exit; +?>
\ No newline at end of file diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php index ae7bd8ac5..3116f500d 100644 --- a/engine/lib/sessions.php +++ b/engine/lib/sessions.php @@ -72,10 +72,10 @@ { if (is_array($credentials) && ($credentials['username']) && ($credentials['password'])) { - $dbpassword = md5($credentials['password']); + //$dbpassword = md5($credentials['password']); if ($user = get_user_by_username($credentials['username'])) { - if ($user->password == $dbpassword) { + if ($user->password == generate_user_password($user, $credentials['password'])) { return true; } } diff --git a/engine/lib/users.php b/engine/lib/users.php index c0c43cb2f..b3ed4be55 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -811,6 +811,19 @@ return $valid; } + + /** + * Generate a password for a user, currently uses MD5. + * + * Later may introduce salting etc. + * + * @param ElggUser $user The user this is being generated for. + * @param string $password Password in clear text + */ + function generate_user_password(ElggUser $user, $password) + { + return md5($password); + } /**
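Review bot: In actions/user/password.php the account to change comes straight from the request (`get_input('guid')` passed to `get_entity($user_id)`), and the only gate visible in the file is `gatekeeper()`, so nothing here ties the target account to the logged-in user or confirms the entity is an ElggUser. Unless `save()` enforces write permission (not visible in this diff), the action should check this itself, e.g. `if (!($user instanceof ElggUser) || $user->guid != $_SESSION['user']->guid)` falling through to the `user:password:fail` branch, with whatever administrator exception the project intends. The action also never asks for the current password, so possession of a live session is enough to replace the credential. Separately, `$password == $password2` is a loose comparison, and PHP treats different numeric-looking strings as equal; `$password === $password2` avoids that. `forward($_SERVER['HTTP_REFERER'])` redirects to a client-supplied header and would be safer as a fixed settings URL.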
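Review bot: The credential check in engine/lib/sessions.php, `$user->password == generate_user_password($user, $credentials['password'])`, compares two hex digests with `==`. PHP's loose comparison converts numeric-looking strings to numbers, so two different digests can compare equal. Use a strict comparison instead: `if ($user->password === generate_user_password($user, $credentials['password'])) {`. The commented-out `//$dbpassword = md5($credentials['password']);` line can be deleted rather than kept, since version control preserves the history. The enclosing function starts and ends outside the hunk.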
* Registers a user, returning false if the username already exists
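Review bot: `generate_user_password()` still returns an unsalted `md5($password)` and never reads `$user`, so identical passwords produce identical stored values and the digest is cheap to test offline if the users table is ever disclosed. Since this helper is now the single place where stored passwords are produced, it is the natural point to add a per-user salt and a deliberately slow algorithm. The callers in this commit verify by regenerating and comparing, which only works for a deterministic scheme, so a companion verify function would be needed before moving to something like `password_hash()`/`password_verify()` where the PHP version provides them. The docblock should also state the return value, e.g. `@return string Hashed password as stored in $user->password`, and note that changing the scheme invalidates existing stored hashes unless a migration path is kept.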
@@ -846,10 +859,10 @@ // Otherwise ...
$user = new ElggUser();
$user->username = $username;
- $user->password = md5($password);
$user->email = $email;
$user->name = $name;
- $user->access_id = 2;
+ $user->access_id = 2;
+ $user->password = generate_user_password($user, $password);
$user->save();
if (!$admin) {
@@ -906,6 +919,10 @@ extend_elgg_settings_page('user/settings/name', 'usersettings/user', 1); register_action("user/name"); + // User password change + extend_elgg_settings_page('user/settings/password', 'usersettings/user', 1); + register_action("user/password"); + // Add email settings extend_elgg_settings_page('user/settings/email', 'usersettings/user', 1); register_action("email/save");
diff --git a/languages/en.php b/languages/en.php index 22c2c280f..d073ace1a 100644 --- a/languages/en.php +++ b/languages/en.php @@ -242,7 +242,15 @@ 'user:set:name' => "Account name settings", 'user:name:label' => "Your name", 'user:name:success' => "Successfully changed your name on the system.", - 'user:name:fail' => "Could not change your name on the system.",
+ 'user:name:fail' => "Could not change your name on the system.",
+
+ 'user:set:password' => "Account password",
+ 'user:password:label' => "Your new password",
+ 'user:password2:label' => "Your new password again",
+ 'user:password:success' => "Password changed",
+ 'user:password:fail' => "Could not change your password on the system.",
+ 'user:password:fail:notsame' => "The two passwords are not the same!",
+ 'user:password:fail:tooshort' => "Password is too short!",
/**
* Administration
diff --git a/views/default/user/settings/password.php b/views/default/user/settings/password.php
new file mode 100644
index 000000000..27b48e63d
--- /dev/null
+++ b/views/default/user/settings/password.php
@@ -0,0 +1,33 @@
+<?php
+ /**
+ * Provide a way of setting your password
+ *
+ * @package Elgg
+ * @subpackage Core
+ * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+ * @author Marcus Povey
+ * @copyright Curverider Ltd 2008
+ * @link http://elgg.org/
+ */
+
+ $user = $_SESSION['user'];
+
+ if ($user) {
+?>
+ <h2><?php echo elgg_echo('user:set:password'); ?></h2>
+ <form action="<?php echo $vars['url']; ?>action/user/password" method="post">
+ <p>
+ <?php echo elgg_echo('user:password:label'); ?> : <input type="password" name="password" value="" />
+ <?php echo elgg_echo('user:password2:label'); ?> : <input type="password" name="password2" value="" />
+ </p>
+
+ <p>
+ <input type="submit" value="<?php
+
+ echo elgg_echo('save');
+
+ ?>" />
+ </p>
+ </form>
+
+<?php } ?>
\ No newline at end of file |
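Review bot: The form posts only `password` and `password2` to `action/user/password` with no per-session token field, and the action added in this commit checks only `gatekeeper()`, so a cross-site POST made in a logged-in user's browser would be accepted as a password change. Add a hidden anti-CSRF token that the action verifies, together with a current-password field that the action checks before saving. `$vars['url']` is also echoed into the `action` attribute unescaped; if it can ever carry characters outside a plain URL, wrap it as `htmlspecialchars($vars['url'], ENT_QUOTES, 'UTF-8')`.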