FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum Development » Bug Reports » Bug in fud_update_user()
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
Bug in fud_update_user() [message #34992] Thu, 30 November 2006 22:03 Go to next message
rcwjenks is currently offline  rcwjenks   United States
Messages: 3
Registered: November 2006
Karma: 0
Junior Member
Unlike the fud_add_user() function, the fud_update_user() function does not properly MD5 the password field. Not only does that prevent login, but the password is then in the database as clear text.

Just add the following near the beginning of the function (mostly copied from the fud_add_user() function):
if (!empty($vals['passwd'])) {
    if (strncmp($vals['passwd'], 'md5', 3)) {
        $vals['passwd'] = md5($vals['passwd']);
    } else {
        $vals['passwd'] = substr($vals['passwd'], 3);
    }
}

FYI, kudos on the excellent API. I had it integrated into my own site's login system in about an hour.

-Robert
Re: Bug in fud_update_user() [message #35012 is a reply to message #34992] Fri, 01 December 2006 15:34 Go to previous messageGo to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
Its not a bug, the update user function expects the password to already be md5ed or not be present if you are not changing it.

FUDforum Core Developer
Re: Bug in fud_update_user() [message #35477 is a reply to message #35012] Mon, 15 January 2007 20:05 Go to previous message
maarten is currently offline  maarten   United States
Messages: 7
Registered: January 2007
Karma: 0
Junior Member
I tripped over this too.

Just a user vote: The "pass it either way" construct of fud_add_user() makes sense to me, but more than that, consistent APIs will save time.

I'd suggest documenting the difference in the comment above fud_update_user() to minimize surprises.

cheers!
  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: After split
Next Topic: 2.7.7RC1: PM bug
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Dec 18 10:42:19 GMT 2024

Total time taken to generate the page: 0.02563 seconds