FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum Development » Bug Reports » Bug in fud_update_user()
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Bug in fud_update_user() [message #34992] Thu, 30 November 2006 22:03 Go to previous message
rcwjenks is currently offline  rcwjenks   United States
Messages: 3
Registered: November 2006
Karma:
Junior Member
Unlike the fud_add_user() function, the fud_update_user() function does not properly MD5 the password field. Not only does that prevent login, but the password is then in the database as clear text.

Just add the following near the beginning of the function (mostly copied from the fud_add_user() function):
if (!empty($vals['passwd'])) {
    if (strncmp($vals['passwd'], 'md5', 3)) {
        $vals['passwd'] = md5($vals['passwd']);
    } else {
        $vals['passwd'] = substr($vals['passwd'], 3);
    }
}

FYI, kudos on the excellent API. I had it integrated into my own site's login system in about an hour.

-Robert
[Message index]
 
Read Message
Read Message
Read Message
Previous Topic: After split
Next Topic: 2.7.7RC1: PM bug
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Dec 18 08:24:09 GMT 2024

Total time taken to generate the page: 0.05597 seconds