From 85aa957de8319e6c2ca6fc39190bb7fd2c5e602d Mon Sep 17 00:00:00 2001
From: marcus
Date: Thu, 26 Jun 2008 12:00:44 +0000
Subject: Fixes #91 and #97
git-svn-id: https://code.elgg.org/elgg/trunk@1143 36083f99-b078-4883-b0ff-0f9b5a30f544
---
engine/lib/sessions.php | 4 ++--
engine/lib/users.php | 21 +++++++++++++++++++--
2 files changed, 21 insertions(+), 4 deletions(-)
(limited to 'engine')
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index ae7bd8ac5..3116f500d 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -72,10 +72,10 @@ { if (is_array($credentials) && ($credentials['username']) && ($credentials['password'])) { - $dbpassword = md5($credentials['password']); + //$dbpassword = md5($credentials['password']); if ($user = get_user_by_username($credentials['username'])) { - if ($user->password == $dbpassword) { + if ($user->password == generate_user_password($user, $credentials['password'])) { return true; } }
diff --git a/engine/lib/users.php b/engine/lib/users.php
index c0c43cb2f..b3ed4be55 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -811,6 +811,19 @@ return $valid; } + + /** + * Generate a password for a user, currently uses MD5. + * + * Later may introduce salting etc. + * + * @param ElggUser $user The user this is being generated for. + * @param string $password Password in clear text + */ + function generate_user_password(ElggUser $user, $password) + { + return md5($password); + } /** * Registers a user, returning false if the username already exists
@@ -846,10 +859,10 @@ // Otherwise ... $user = new ElggUser(); $user->username = $username; - $user->password = md5($password); $user->email = $email; $user->name = $name; - $user->access_id = 2; + $user->access_id = 2; + $user->password = generate_user_password($user, $password); $user->save(); if (!$admin) {
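Review bot: The new login check in the sessions.php hunk compares the stored and computed digests with loose `==`, so two hex strings that both happen to look numeric are compared as numbers rather than byte for byte. Use a strict comparison, `if ($user->password === generate_user_password($user, $credentials['password'])) {`, and a constant-time comparison such as `hash_equals()` where the PHP version provides it. The commented-out `//$dbpassword = md5($credentials['password']);` line is dead code and should be deleted rather than kept. The enclosing function starts and ends outside the hunk.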
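Review bot: `generate_user_password()` in the users.php hunk at `@@ -811` returns a single unsalted `md5($password)` and never reads `$user`, so identical passwords produce identical stored values and the digest is cheap to test offline. The same value is what the `register_user` hunk at `@@ -846` stores and what the sessions.php check compares against. Now that hashing lives in one function, this is the place to move to a salted, deliberately slow scheme; because such a hash cannot be checked by regenerating and comparing, the login check would call a separate verify helper that still accepts existing MD5 rows until they are rehashed. Confirm the password column can hold the longer hash string, and add `@return string` to the docblock, which should say the result is a hash for storage, not a generated password.

```php
function generate_user_password(ElggUser $user, $password)
{
    // Salted, adaptive hash; salt and cost are encoded in the returned string.
    return password_hash($password, PASSWORD_DEFAULT);
}

/**
 * Check a clear-text password against the hash stored on the user.
 * Legacy unsalted MD5 values are still accepted so existing accounts
 * keep working until they are rehashed after a successful login.
 */
function verify_user_password(ElggUser $user, $password)
{
    $stored = (string) $user->password;
    if (password_verify($password, $stored)) {
        return true;
    }
    // Legacy row: 32 hex characters written by the old md5() path.
    return strlen($stored) === 32 && hash_equals($stored, md5($password));
}
```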
@@ -906,6 +919,10 @@ extend_elgg_settings_page('user/settings/name', 'usersettings/user', 1); register_action("user/name"); + // User password change + extend_elgg_settings_page('user/settings/password', 'usersettings/user', 1); + register_action("user/password"); + // Add email settings extend_elgg_settings_page('user/settings/email', 'usersettings/user', 1); register_action("email/save"); -- cgit v1.2.3
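Review bot: `register_action("user/password")` exposes a password-change action, but its handler is not in this view (the page is limited to `engine`), so nothing here shows how the new password is hashed or who may invoke it. The handler should store the value through `generate_user_password()` rather than its own `md5()` call, otherwise the centralisation this commit introduces is bypassed. It should presumably also require the current password before accepting a new one. The enclosing init function starts and ends outside the hunk.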