From b22f18d5e5959979cde0ba1e0f64f22fc98743fe Mon Sep 17 00:00:00 2001
From: Daniel Triendl <daniel@pew.cc>
Date: Thu, 10 Apr 2014 18:29:28 +0200
Subject: [PATCH] Password wasn't hashed before saving it in the database if
 the user changed the password in the browser.

Fixes #17
---
 user.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/user.php b/user.php
index 4c8e905..a3fda56 100644
--- a/user.php
+++ b/user.php
@@ -244,7 +244,8 @@
                    log_error("user.php: POST password ");
                   //to do
                   // change pw in db
-                  if($db->change_password($new_pwd))
+                  $hash = WeaveHashFactory::factory();
+                  if($db->change_password($hash->hash($new_pwd)))
                     exit("success"); 
                   else
                     report_problem(WEAVE_ERROR_INVALID_PROTOCOL, 503); //server db messed up somehow