diff options
| author | Arun Persaud <arun@nubati.net> | 2012-09-22 12:38:58 -0700 |
|---|---|---|
| committer | Arun Persaud <arun@nubati.net> | 2012-09-22 12:46:27 -0700 |
| commit | 14f6017a5b84d70320bde9d6e074ea8ac948a85e (patch) | |
| tree | 6ad038518dff9737042501929a8919f622652c8d /include/login.php | |
| parent | 90e831805a19358ab5a76c569181f72bc3534cb8 (diff) | |
| download | e-DoKo-14f6017a5b84d70320bde9d6e074ea8ac948a85e.tar.gz e-DoKo-14f6017a5b84d70320bde9d6e074ea8ac948a85e.tar.bz2 e-DoKo-14f6017a5b84d70320bde9d6e074ea8ac948a85e.zip | |
updated to better password hash: use crypt instead of md5
the upgrade will be done automatically when a user logs in, password recovery is still based
on md5, but that should be OK, since it's a random generated password anyway
Diffstat (limited to 'include/login.php')
| -rw-r--r-- | include/login.php | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/include/login.php b/include/login.php index ab7b48a..eb7d5b8 100644 --- a/include/login.php +++ b/include/login.php @@ -85,21 +85,27 @@ else if(myisset('email','password')) $password = $_REQUEST['password']; /* verify password and email */ - if(strlen($password)!=32) - $password = md5($password); $ok = 1; - $myid = DB_get_userid('email-password',$email,$password); - if(!$myid) - $ok = 0; + $myid = DB_get_userid('email',$email); - if($ok) + $result = verify_password($email, $password); + switch($result) { - /* user information is ok, set session variabel */ - $myname = DB_get_name('email',$email); + case 0: + /* user information is ok, set session variable */ + $myname = DB_get_name('email',$email); + $hashedpassword = DB_get_passwd_by_userid($myid); $_SESSION['name'] = $myname; $_SESSION['id'] = $myid; - $_SESSION['pass'] = $password; + $_SESSION['pass'] = $hashedpassword; + break; + case 1: + echo "Can't find you in the database\n"; + break; + case 2: + echo "Problem creating password hash, please contact $ADMIN at $ADMIN_EMAIL\n"; + break; } } else |