FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum Development » Bug Reports » Bug in fud_update_user()
Show: Today's Messages :: Unread Messages :: Show Polls :: Message Navigator
| Subscribe to topic | Bookmark topic 
Switch to threaded view of this topic Create a new topic Submit Reply
Bug in fud_update_user() [message #34992] Thu, 30 November 2006 17:03 Go to next message
rcwjenks is currently offline  rcwjenks   United States
Messages: 3
Registered: November 2006
Karma: 0
Junior Member
add to buddy list
ignore all messages by this user
Unlike the fud_add_user() function, the fud_update_user() function does not properly MD5 the password field. Not only does that prevent login, but the password is then in the database as clear text.

Just add the following near the beginning of the function (mostly copied from the fud_add_user() function):
if (!empty($vals['passwd'])) {
    if (strncmp($vals['passwd'], 'md5', 3)) {
        $vals['passwd'] = md5($vals['passwd']);
    } else {
        $vals['passwd'] = substr($vals['passwd'], 3);
    }
}

FYI, kudos on the excellent API. I had it integrated into my own site's login system in about an hour.

-Robert
Re: Bug in fud_update_user() [message #35012 is a reply to message #34992] Fri, 01 December 2006 10:34 Go to previous messageGo to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
add to buddy list
ignore all messages by this user
Its not a bug, the update user function expects the password to already be md5ed or not be present if you are not changing it.

FUDforum Core Developer
Re: Bug in fud_update_user() [message #35477 is a reply to message #35012] Mon, 15 January 2007 15:05 Go to previous message
maarten is currently offline  maarten   United States
Messages: 7
Registered: January 2007
Karma: 0
Junior Member
add to buddy list
ignore all messages by this user
I tripped over this too.

Just a user vote: The "pass it either way" construct of fud_add_user() makes sense to me, but more than that, consistent APIs will save time.

I'd suggest documenting the difference in the comment above fud_update_user() to minimize surprises.

cheers!
Quick Reply
Formatting Tools:   
  Switch to threaded view of this topic Create a new topic
Previous Topic: After split
Next Topic: 2.7.7RC1: PM bug
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Fri Oct 20 12:02:06 EDT 2017

Total time taken to generate the page: 0.00695 seconds