Password wasn't hashed before saving it in the database

if the user changed the password in the browser. Fixes #17
10 years ago · b22f18d5e5
parent 8bbcbd00a1
commit b22f18d5e5
1 changed files with 2 additions and 1 deletions
--- a/user.php
+++ b/user.php
@ -244,7 +244,8 @@
                   log_error("user.php: POST password ");
                  //to do
                  // change pw in db
-                  if($db->change_password($new_pwd))
+                  $hash = WeaveHashFactory::factory();
+                  if($db->change_password($hash->hash($new_pwd)))
                    exit("success"); 
                  else
                    report_problem(WEAVE_ERROR_INVALID_PROTOCOL, 503); //server db messed up somehow