FUDforum: Bug Reports » Bug in fud_update

Home » FUDforum Development » Bug Reports » Bug in fud_update_user()

Show: Today's Messages :: Polls :: Message Navigator

Bug in fud_update_user() [message #34992]

Thu, 30 November 2006 22:03

rcwjenks

Messages: 3
Registered: November 2006

Karma:

Junior Member

Unlike the fud_add_user() function, the fud_update_user() function does not properly MD5 the password field. Not only does that prevent login, but the password is then in the database as clear text.

Just add the following near the beginning of the function (mostly copied from the fud_add_user() function):

if (!empty($vals['passwd'])) {
    if (strncmp($vals['passwd'], 'md5', 3)) {
        $vals['passwd'] = md5($vals['passwd']);
    } else {
        $vals['passwd'] = substr($vals['passwd'], 3);
    }
}

FYI, kudos on the excellent API. I had it integrated into my own site's login system in about an hour.

-Robert

Report message to a moderator

[Message index]

		Bug in fud_update_user() By: rcwjenks on Thu, 30 November 2006 22:03
		Re: Bug in fud_update_user() By: Ilia on Fri, 01 December 2006 15:34
		Re: Bug in fud_update_user() By: maarten on Mon, 15 January 2007 20:05

Previous Topic:	After split
Next Topic:	2.7.7RC1: PM bug

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Sat Sep 28 21:58:51 GMT 2024

Total time taken to generate the page: 0.04347 seconds