diff options
Diffstat (limited to 'app/Controllers/usersController.php')
| -rw-r--r-- | app/Controllers/usersController.php | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/app/Controllers/usersController.php b/app/Controllers/usersController.php index 482e35c3e..8954c845d 100644 --- a/app/Controllers/usersController.php +++ b/app/Controllers/usersController.php @@ -14,8 +14,21 @@ class FreshRSS_users_Controller extends Minz_ActionController { if (Minz_Request::isPost()) { $ok = true; + $passwordPlain = Minz_Request::param('passwordPlain', false); + if ($passwordPlain != '') { + Minz_Request::_param('passwordPlain'); //Discard plain-text password ASAP + $_POST['passwordPlain'] = ''; + if (!function_exists('password_hash')) { + include_once(LIB_PATH . '/password_compat.php'); + } + $passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT); //A bit expensive, on purpose + $passwordPlain = ''; + $this->view->conf->_passwordHash($passwordHash); + } + $mail = Minz_Request::param('mail_login', false); $this->view->conf->_mail_login($mail); + $ok &= $this->view->conf->save(); $email = $this->view->conf->mail_login; |