diff options
author | Arun Persaud <arun@nubati.net> | 2012-09-22 12:38:58 -0700 |
---|---|---|
committer | Arun Persaud <arun@nubati.net> | 2012-09-22 12:46:27 -0700 |
commit | 14f6017a5b84d70320bde9d6e074ea8ac948a85e (patch) | |
tree | 6ad038518dff9737042501929a8919f622652c8d /include/user.php | |
parent | 90e831805a19358ab5a76c569181f72bc3534cb8 (diff) | |
download | e-DoKo-14f6017a5b84d70320bde9d6e074ea8ac948a85e.tar.gz e-DoKo-14f6017a5b84d70320bde9d6e074ea8ac948a85e.tar.bz2 e-DoKo-14f6017a5b84d70320bde9d6e074ea8ac948a85e.zip |
updated to better password hash: use crypt instead of md5
the upgrade will be done automatically when a user logs in, password recovery is still based
on md5, but that should be OK, since it's a random generated password anyway
Diffstat (limited to 'include/user.php')
-rw-r--r-- | include/user.php | 9 |
1 files changed, 1 insertions, 8 deletions
diff --git a/include/user.php b/include/user.php index 1b3d83e..d486b07 100644 --- a/include/user.php +++ b/include/user.php @@ -25,12 +25,7 @@ if(!isset($HOST)) exit; /* test id and password, should really be done in one step */ -if(!isset($_SESSION['name'])) - { - $email = $_REQUEST['email']; - $password = $_REQUEST['password']; - } -else +if(isset($_SESSION['name'])) { $name = $_SESSION['name']; $email = DB_get_email('name',$name); @@ -106,8 +101,6 @@ else { /* normal user page */ /* verify password and email */ - if(strlen($password)!=32) - $password = md5($password); $ok = 1; $myid = DB_get_userid('email-password',$email,$password); |