summaryrefslogtreecommitdiffstats
path: root/include/user.php
diff options
context:
space:
mode:
authorArun Persaud <arun@nubati.net>2012-09-22 12:38:58 -0700
committerArun Persaud <arun@nubati.net>2012-09-22 12:46:27 -0700
commit14f6017a5b84d70320bde9d6e074ea8ac948a85e (patch)
tree6ad038518dff9737042501929a8919f622652c8d /include/user.php
parent90e831805a19358ab5a76c569181f72bc3534cb8 (diff)
downloade-DoKo-14f6017a5b84d70320bde9d6e074ea8ac948a85e.tar.gz
e-DoKo-14f6017a5b84d70320bde9d6e074ea8ac948a85e.tar.bz2
e-DoKo-14f6017a5b84d70320bde9d6e074ea8ac948a85e.zip
updated to better password hash: use crypt instead of md5
the upgrade will be done automatically when a user logs in, password recovery is still based on md5, but that should be OK, since it's a random generated password anyway
Diffstat (limited to 'include/user.php')
-rw-r--r--include/user.php9
1 files changed, 1 insertions, 8 deletions
diff --git a/include/user.php b/include/user.php
index 1b3d83e..d486b07 100644
--- a/include/user.php
+++ b/include/user.php
@@ -25,12 +25,7 @@ if(!isset($HOST))
exit;
/* test id and password, should really be done in one step */
-if(!isset($_SESSION['name']))
- {
- $email = $_REQUEST['email'];
- $password = $_REQUEST['password'];
- }
-else
+if(isset($_SESSION['name']))
{
$name = $_SESSION['name'];
$email = DB_get_email('name',$name);
@@ -106,8 +101,6 @@ else
{ /* normal user page */
/* verify password and email */
- if(strlen($password)!=32)
- $password = md5($password);
$ok = 1;
$myid = DB_get_userid('email-password',$email,$password);