From 85aa957de8319e6c2ca6fc39190bb7fd2c5e602d Mon Sep 17 00:00:00 2001 From: marcus Date: Thu, 26 Jun 2008 12:00:44 +0000 Subject: Fixes #91 and #97 git-svn-id: https://code.elgg.org/elgg/trunk@1143 36083f99-b078-4883-b0ff-0f9b5a30f544 --- actions/user/name.php | 2 +- actions/user/password.php | 51 ++++++++++++++++++++++++++++++++ engine/lib/sessions.php | 4 +-- engine/lib/users.php | 21 +++++++++++-- languages/en.php | 10 ++++++- views/default/user/settings/password.php | 33 +++++++++++++++++++++ 6 files changed, 115 insertions(+), 6 deletions(-) create mode 100644 actions/user/password.php create mode 100644 views/default/user/settings/password.php diff --git a/actions/user/name.php b/actions/user/name.php index 8ecfa856d..bbeed85ec 100644 --- a/actions/user/name.php +++ b/actions/user/name.php @@ -24,7 +24,7 @@ else $user = get_entity($user_id); - if ($user) + if (($user) && ($name)) { $user->name = $name; if ($user->save()) diff --git a/actions/user/password.php b/actions/user/password.php new file mode 100644 index 000000000..4c7ceb65c --- /dev/null +++ b/actions/user/password.php @@ -0,0 +1,51 @@ +=4) + { + if ($password == $password2) + { + $user->password = generate_user_password($user, $password); + if ($user->save()) + system_message(elgg_echo('user:password:success')); + else + system_message(elgg_echo('user:password:fail')); + } + else + system_message(elgg_echo('user:password:fail:notsame')); + } + else + system_message(elgg_echo('user:password:fail:tooshort')); + } + else + system_message(elgg_echo('user:password:fail')); + + forward($_SERVER['HTTP_REFERER']); + exit; +?> \ No newline at end of file diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php index ae7bd8ac5..3116f500d 100644 --- a/engine/lib/sessions.php +++ b/engine/lib/sessions.php 
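Review bot: The confirmation check `if ($password == $password2)` in the new actions/user/password.php uses PHP's loose comparison, which compares two numeric-looking strings by value, so `1e3` and `1000` are accepted as the same password; `if ($password === $password2)` compares them as strings. The same operator appears in the engine/lib/sessions.php hunk, `if ($user->password == generate_user_password($user, $credentials['password']))`, where it matters more: two different MD5 hex digests that both read as exponent-notation numbers compare equal, so the login check should use `===` as well. Separately, `forward($_SERVER['HTTP_REFERER'])` takes its target from a request header that the client controls and may omit; forwarding to a fixed settings URL avoids depending on it. The top of this file did not survive extraction, so how `$user` is loaded and whether the current password is requested cannot be judged from here.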
@@ -72,10 +72,10 @@ { if (is_array($credentials) && ($credentials['username']) && ($credentials['password'])) { - $dbpassword = md5($credentials['password']); + //$dbpassword = md5($credentials['password']); if ($user = get_user_by_username($credentials['username'])) { - if ($user->password == $dbpassword) { + if ($user->password == generate_user_password($user, $credentials['password'])) { return true; } } diff --git a/engine/lib/users.php b/engine/lib/users.php index c0c43cb2f..b3ed4be55 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -811,6 +811,19 @@ return $valid; } + + /** + * Generate a password for a user, currently uses MD5. + * + * Later may introduce salting etc. + * + * @param ElggUser $user The user this is being generated for. + * @param string $password Password in clear text + */ + function generate_user_password(ElggUser $user, $password) + { + return md5($password); + } /** * Registers a user, returning false if the username already exists @@ -846,10 +859,10 @@ // Otherwise ... $user = new ElggUser(); $user->username = $username; - $user->password = md5($password); $user->email = $email; $user->name = $name; - $user->access_id = 2; + $user->access_id = 2; + $user->password = generate_user_password($user, $password); $user->save(); if (!$admin) { @@ -906,6 +919,10 @@ extend_elgg_settings_page('user/settings/name', 'usersettings/user', 1); register_action("user/name"); + // User password change + extend_elgg_settings_page('user/settings/password', 'usersettings/user', 1); + register_action("user/password"); + // Add email settings extend_elgg_settings_page('user/settings/email', 'usersettings/user', 1); register_action("email/save"); diff --git a/languages/en.php b/languages/en.php index 22c2c280f..d073ace1a 100644 --- a/languages/en.php +++ b/languages/en.php 
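Review bot: `generate_user_password()` in engine/lib/users.php returns a bare `md5($password)`, so identical passwords produce identical stored values and the digest is cheap to guess against if the users table is ever disclosed; the `$user` argument is accepted but not used. Now that registration, login and the password action all go through this one function, it is the natural place to add a per-user salt and a deliberately slow hash, as the docblock's "Later may introduce salting" already anticipates. Because sessions.php verifies by recomputing the value and comparing, any scheme with a random salt needs a matching verify step, and existing MD5 values need a migration path such as rehashing on the next successful login. The docblock is also missing a return line, for example `@return string Hash to store in the user's password field`.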
@@ -242,7 +242,15 @@ 'user:set:name' => "Account name settings", 'user:name:label' => "Your name", 'user:name:success' => "Successfully changed your name on the system.", - 'user:name:fail' => "Could not change your name on the system.", + 'user:name:fail' => "Could not change your name on the system.", + + 'user:set:password' => "Account password", + 'user:password:label' => "Your new password", + 'user:password2:label' => "Your new password again", + 'user:password:success' => "Password changed", + 'user:password:fail' => "Could not change your password on the system.", + 'user:password:fail:notsame' => "The two passwords are not the same!", + 'user:password:fail:tooshort' => "Password is too short!", /** * Administration diff --git a/views/default/user/settings/password.php b/views/default/user/settings/password.php new file mode 100644 index 000000000..27b48e63d --- /dev/null +++ b/views/default/user/settings/password.php @@ -0,0 +1,33 @@ + +

+
+

+ : + : +

+ +

+ +

+
+ + \ No newline at end of file -- cgit v1.2.3