FUDforum - RDF Feed
http://fudforum.org/forum/index.php
Bug in fud_update_user()
http://fudforum.org/forum/index.phpindex.php?t=rview&goto=34992&th=7400#msg_34992
fud_add_user() function, the fud_update_user() function does not properly MD5 the password field. Not only does that prevent login, but the password is then in the database as clear text.
Just add the following near the beginning of the function (mostly copied from the fud_add_user() function):
    if (!empty($vals['passwd'])) {
        if (strncmp($vals['passwd'], 'md5', 3)) {
            $vals['passwd'] = md5($vals['passwd']);
        } else {
            $vals['passwd'] = substr($vals['passwd'], 3);
        }
    }
FYI, kudos on the excellent API. I had it integrated into my own site's login system in about an hour.
-Robert
rcwjenks 2006-11-30T22:03:41-00:00
Re: Bug in fud_update_user()
http://fudforum.org/forum/index.phpindex.php?t=rview&goto=35012&th=7400#msg_35012
Ilia 2006-12-01T15:34:03-00:00
Re: Bug in fud_update_user()
http://fudforum.org/forum/index.phpindex.php?t=rview&goto=35477&th=7400#msg_35477
Just a user vote: The "pass it either way" construct of fud_add_user() makes sense to me, but more than that, consistent APIs will save time.
I'd suggest documenting the difference in the comment above fud_update_user() to minimize surprises.
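
An audit for the condition reported in the first post (password values written to the database without hashing), as an added example that is not part of the thread or of FUDforum's code. The function names and sample rows are constructed, and normalize_passwd() restates the snippet posted above so the check can be run against both hashed and unhashed values.

```php
<?php
// Added example, not FUDforum code. Function names and rows are constructed.

// The normalization from the post: plain text is hashed; a value carrying the
// 'md5' prefix is treated as an existing digest and only loses the prefix.
function normalize_passwd(string $passwd): string
{
    if (strncmp($passwd, 'md5', 3)) {
        return md5($passwd);
    }
    return substr($passwd, 3);
}

// A stored MD5 digest is exactly 32 hex characters; anything else in the
// passwd column was written without being hashed.
function is_md5_digest(string $stored): bool
{
    return preg_match('/\A[0-9a-f]{32}\z/i', $stored) === 1;
}

// Return the logins whose stored passwd value is not a digest.
function find_unhashed(array $rows): array
{
    $bad = [];
    foreach ($rows as $row) {
        if (!is_md5_digest($row['passwd'])) {
            $bad[] = $row['login'];
        }
    }
    return $bad;
}

// Constructed rows standing in for the users table.
$rows = [
    // updated with the normalization applied, plain text passed in
    ['login' => 'alice', 'passwd' => normalize_passwd('correct horse')],
    // updated with the normalization applied, prefixed digest passed in
    ['login' => 'bob',   'passwd' => normalize_passwd('md5' . md5('hunter2'))],
    // updated without it: the value went into the column as typed
    ['login' => 'carol', 'passwd' => 'correct horse'],
    // plain text that happens to start with 'md5': prefix stripped, rest stored
    ['login' => 'dave',  'passwd' => normalize_passwd('md5rocks')],
];

print_r(find_unhashed($rows));
```

The logins it reports are the accounts to reset: their stored value is readable in the database and, as the first post notes, cannot be used to log in.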