diff options
Diffstat (limited to 'engine/lib')
| -rw-r--r-- | engine/lib/sessions.php | 4 | ||||
| -rw-r--r-- | engine/lib/users.php | 21 |
2 files changed, 21 insertions, 4 deletions
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php index ae7bd8ac5..3116f500d 100644 --- a/engine/lib/sessions.php +++ b/engine/lib/sessions.php @@ -72,10 +72,10 @@ { if (is_array($credentials) && ($credentials['username']) && ($credentials['password'])) { - $dbpassword = md5($credentials['password']); + //$dbpassword = md5($credentials['password']); if ($user = get_user_by_username($credentials['username'])) { - if ($user->password == $dbpassword) { + if ($user->password == generate_user_password($user, $credentials['password'])) { return true; } } diff --git a/engine/lib/users.php b/engine/lib/users.php index c0c43cb2f..b3ed4be55 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -811,6 +811,19 @@ return $valid; } + + /** + * Generate a password for a user, currently uses MD5. + * + * Later may introduce salting etc. + * + * @param ElggUser $user The user this is being generated for. + * @param string $password Password in clear text + */ + function generate_user_password(ElggUser $user, $password) + { + return md5($password); + } /**
* Registers a user, returning false if the username already exists
@@ -846,10 +859,10 @@ // Otherwise ...
$user = new ElggUser();
$user->username = $username;
- $user->password = md5($password);
$user->email = $email;
$user->name = $name;
- $user->access_id = 2;
+ $user->access_id = 2; + $user->password = generate_user_password($user, $password);
$user->save();
if (!$admin) {
@@ -906,6 +919,10 @@ extend_elgg_settings_page('user/settings/name', 'usersettings/user', 1); register_action("user/name"); + // User password change + extend_elgg_settings_page('user/settings/password', 'usersettings/user', 1); + register_action("user/password"); + // Add email settings extend_elgg_settings_page('user/settings/email', 'usersettings/user', 1); register_action("email/save");
|