Help
Sign In
thereisonlycode
/
weave-server-php
2
0
Fork 0
Files
Browse Source

Password wasn't hashed before saving it in the database
if the user changed the password in the browser.

Fixes #17

Daniel Triendl 10 years ago
parent
8bbcbd00a1
commit
b22f18d5e5
1 changed files with 2 additions and 1 deletions
Split View Show Diff Stats
  1. 2 1
      user.php

+ 2 - 1
user.php
View File 

@@ -244,7 +244,8 @@
 
                    log_error("user.php: POST password ");
 
                   //to do
 
                   // change pw in db
 
-                  if($db->change_password($new_pwd))
 
+                  $hash = WeaveHashFactory::factory();
 
+                  if($db->change_password($hash->hash($new_pwd)))
 
                     exit("success"); 
                   else
 
                     report_problem(WEAVE_ERROR_INVALID_PROTOCOL, 503); //server db messed up somehow