updated to better password hash: use crypt instead of md5

[e-DoKo.git] / include / user.php

diff --git a/include/user.php b/include/user.php
index b811cdaa0d4f52a74c5ae632e5865b868a96f36a..d486b0746b96021d1c9f6b79f83bb2e2227c889b 100644 (file)
--- a/include/user.php
+++ b/include/user.php
@@ -1,5 +1,5 @@
 <?php
-/* Copyright 2006, 2007, 2008, 2009, 2010 Arun Persaud <arun@nubati.net>
+/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012 Arun Persaud <arun@nubati.net>
  *
  *   This file is part of e-DoKo.
  *
@@ -25,12 +25,7 @@ if(!isset($HOST))
   exit;
 
 /* test id and password, should really be done in one step */
-if(!isset($_SESSION['name']))
-  {
-    $email     = $_REQUEST['email'];
-    $password  = $_REQUEST['password'];
-  }
-else
+if(isset($_SESSION['name']))
   {
     $name = $_SESSION['name'];
     $email     = DB_get_email('name',$name);
@@ -106,8 +101,6 @@ else
   { /* normal user page */
 
     /* verify password and email */
-    if(strlen($password)!=32)
-      $password = md5($password);
 
     $ok  = 1;
     $myid = DB_get_userid('email-password',$email,$password);
@@ -121,6 +114,8 @@ else
        $_SESSION['name'] = $myname;
 
        $PREF = DB_get_PREF($myid);
+       /* set language chosen in preferences, will become active on the next reload (see index.php)*/
+       $_SESSION['language'] = $PREF['language'];
 
        DB_update_user_timestamp($myid);