authorSimon2011-04-19 16:32:18 +0200
committerSimon2011-04-19 16:32:18 +0200
commit6588d2849f6f61d14e988687eaf4c0df0ebe0d33 (patch)
treecae2d54a8766cfb2ae8d1cc270635fc0e67cb4f3 /application/modules/user
parentCode autoformatiert (diff)
downloadpbs2-6588d2849f6f61d14e988687eaf4c0df0ebe0d33.tar.gz
pbs2-6588d2849f6f61d14e988687eaf4c0df0ebe0d33.tar.xz
pbs2-6588d2849f6f61d14e988687eaf4c0df0ebe0d33.zip
Ticket #194 - Passwordsalt wird gesetzt und auch beachtet
Diffstat (limited to 'application/modules/user')
-rw-r--r--application/modules/user/controllers/PersonController.php33
-rw-r--r--application/modules/user/views/scripts/person/edit.phtml2
2 files changed, 17 insertions, 18 deletions
diff --git a/application/modules/user/controllers/PersonController.php b/application/modules/user/controllers/PersonController.php
index 5cb8d09..52bf757 100644
--- a/application/modules/user/controllers/PersonController.php
+++ b/application/modules/user/controllers/PersonController.php
@@ -55,11 +55,11 @@ class user_PersonController extends Zend_Controller_Action
$this->view->apikeys[$group->getID()] = $membership['apikey'];
$this->groups[] = array (
- 'groupID' => $group->getID(),
- 'title' => $group->getTitle(),
- 'description' => $group->getDescription(),
- 'membershipID' => $membership['membershipID'],
- 'role' => $role->getTitle()
+ 'groupID' => $group->getID(),
+ 'title' => $group->getTitle(),
+ 'description' => $group->getDescription(),
+ 'membershipID' => $membership['membershipID'],
+ 'role' => $role->getTitle()
);
}
}
@@ -151,7 +151,7 @@ class user_PersonController extends Zend_Controller_Action
if(!Pbs_Acl::checkRight('peod')) {
$this->_redirect('/user');
}
- if($personID = $this->_request->getParam('personID')) {
+ if($this->person->getID() == $this->_request->getParam('personID')) {
if(!Pbs_Acl::checkRight('peoa')) {
$this->_redirect('/user');
}
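Review bot: The new condition `if($this->person->getID() == $this->_request->getParam('personID'))` asks for the 'peoa' right only when the requested ID is the caller's own, so a request naming a different personID no longer reaches this check. The removed line required 'peoa' whenever a personID was supplied, which suggests it is the edit-others right; if so, the comparison looks inverted and should be `!=`. The loose `==` also compares the stored ID with a raw request string under PHP type juggling, so cast the parameter and compare strictly, e.g. `(int) $this->person->getID() === (int) $this->_request->getParam('personID')`. The action starts and ends outside this hunk, so what the else branch permits cannot be confirmed from here.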
@@ -165,14 +165,14 @@ class user_PersonController extends Zend_Controller_Action
} else {
$editForm = new user_Form_PersonEdit($_POST);
if ($editForm->isValid($_POST)) {
- if($personID = $this->_request->getParam('personID')) {
- if(isset($_POST['newpassword'])) {
- $date = new DateTime();
+ if($this->person->getID() == $this->_request->getParam('personID')) {
+
+ $person->setOptions($_POST);
+ if($_POST['newpassword'] != '') {
$person->setPassword($_POST['newpassword']);
- $person->setPasswordSalt(MD5($date->getTimestamp()));
- $person->setPassword(MD5($person->getPassword() . $this->person->getPasswordSalt()));
+ $person->setPasswordSalt(MD5(microtime(true)));
+ $person->setPassword(MD5($person->getPassword() . $person->getPasswordSalt()));
}
- $person->setOptions($_POST);
try {
$this->personmapper->save($person);
} catch(Zend_Exception $e)
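Review bot: The salt on the `setPasswordSalt(MD5(microtime(true)))` line comes from the clock rather than a random source, and the stored value is a single MD5 of password plus salt, which is fast to brute-force if the person table leaks. `$person->setPassword(password_hash($_POST['newpassword'], PASSWORD_DEFAULT));` with `password_verify()` at login gives a random salt and a slow hash, and makes the separate salt column unnecessary. `$person->setOptions($_POST)` passes the raw request array to the model, so any key that setOptions maps to a setter (it is not visible here; password, salt or ID fields are possible) is client-controlled and persists when `newpassword` is empty; if the form is a Zend_Form, `$editForm->getValues()` limits this to declared fields. `$_POST['newpassword'] != ''` raises an undefined-index notice when the field is absent, which `!empty($_POST['newpassword'])` avoids. The same points apply to the else branch in the next hunk, which does the same on `$this->person`.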
@@ -183,14 +183,13 @@ class user_PersonController extends Zend_Controller_Action
return;
}
$this->_helper->redirector('', 'person');
- } else {
- if(isset($_POST['newpassword'])) {
- $date = new DateTime();
+ } else {
+ $this->person->setOptions($_POST);
+ if($_POST['newpassword'] != '') {
$this->person->setPassword($_POST['newpassword']);
- $this->person->setPasswordSalt(MD5($date->getTimestamp()));
+ $this->person->setPasswordSalt(MD5(microtime(true)));
$this->person->setPassword(MD5($this->person->getPassword() . $this->person->getPasswordSalt()));
}
- $this->person->setOptions($_POST);
try {
$this->personmapper->save($this->person);
} catch(Zend_Exception $e)
diff --git a/application/modules/user/views/scripts/person/edit.phtml b/application/modules/user/views/scripts/person/edit.phtml
index 3e666d4..76316db 100644
--- a/application/modules/user/views/scripts/person/edit.phtml
+++ b/application/modules/user/views/scripts/person/edit.phtml
@@ -2,4 +2,4 @@
<?php
$this->editForm->setAction($this->url());
echo $this->editForm;
-?> \ No newline at end of file
+?>