From 335c86e78ecb2432489339ed7e470496651f1b64 Mon Sep 17 00:00:00 2001
From: SystemDisc
Date: Tue, 26 Aug 2014 14:28:21 -0400
Subject: [PATCH 1/2] fixed bug where passwords are stored in plaintext https://bugs.launchpad.net/fuel/+bug/1361796 since it pashword hasing was moved out of on_before_clean and into on_before_save, and in on_before_clean new_password gets set back to password, this should be reflected in on_before_save without this fix logins will never validate for those new users and -the password is stored as plaintext!-
---
 fuel/modules/fuel/models/fuel_users_model.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/fuel/modules/fuel/models/fuel_users_model.php b/fuel/modules/fuel/models/fuel_users_model.php
index 71735b090..0ba82a1b4 100644
--- a/fuel/modules/fuel/models/fuel_users_model.php
+++ b/fuel/modules/fuel/models/fuel_users_model.php
@@ -537,11 +537,11 @@ public function on_before_save($values)
 // added here instead of on_before_clean in case of any cleaning that may alter the salt and password values
- if (!empty($values['new_password']))
+ if (!empty($values['password']))
 {
 $values['salt'] = substr($this->salt(), 0, 32);
- $values['password'] = $this->salted_password_hash($values['new_password'], $values['salt']);
+ $values['password'] = $this->salted_password_hash($values['password'], $values['salt']);
 }
 return $values;
@@ -683,4 +683,4 @@ function get_name()
 return $this->first_name.' '.$this->last_name;
 }
-}
\ No newline at end of file
+}
From 1989c3f4ca5fe0b671a073e82cdf2a53d4b049e3 Mon Sep 17 00:00:00 2001
From: SystemDisc
Date: Tue, 26 Aug 2014 14:31:40 -0400
Subject: [PATCH 2/2] fixed bug with possible undefined variable since the logic statement above uses or, there are times when $has_uri is unset using (!empty($has_uri)) instead of ($has_uri) prevents PHP throwing an error/warning
---
 fuel/modules/fuel/libraries/Fuel_modules.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
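Review bot: In `on_before_save` (fuel_users_model.php), the new guard `if (!empty($values['password']))` hashes whatever is in `password` on every save, so if any save path carries the already-stored hash in that field (not visible in this hunk) it would be re-salted and hashed again, and that account's login would stop validating. Hashing should happen only when a fresh plaintext was submitted, or the contract should at least be documented with a comment such as `// $values['password'] is plaintext here only when on_before_clean copied new_password into it`. Separately, `empty()` treats the string `'0'` as empty, so that value would skip the hashing branch and be saved as-is; `isset($values['password']) AND $values['password'] !== ''` avoids that. The body of `on_before_save` starts above the hunk, so what else populates `$values` should be confirmed there.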
diff --git a/fuel/modules/fuel/libraries/Fuel_modules.php b/fuel/modules/fuel/libraries/Fuel_modules.php
index 2e2e1c3e6..505e58f32 100644
--- a/fuel/modules/fuel/libraries/Fuel_modules.php
+++ b/fuel/modules/fuel/libraries/Fuel_modules.php
@@ -248,7 +248,7 @@ public function get($module = NULL, $include_advanced = TRUE)
 $modules = $this->get(NULL, FALSE);
 foreach($modules as $key => $mod)
 {
- if (strtolower($mod->info('model_name')) == $module OR ($has_uri AND $mod->info('module_uri') == $module))
+ if (strtolower($mod->info('model_name')) == $module OR (!empty($has_uri) AND $mod->info('module_uri') == $module))
 {
 $module = $key;
 break;
@@ -1138,4 +1138,4 @@ public function __get($var)
 }
 /* End of file Fuel_modules.php */
-/* Location: ./modules/fuel/libraries/fuel/Fuel_modules.php */
\ No newline at end of file
+/* Location: ./modules/fuel/libraries/fuel/Fuel_modules.php */
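Review bot: Wrapping the flag as `!empty($has_uri)` in the `foreach` condition of `get()` hides the fact that `$has_uri` is only assigned on some paths. Initialising it once with `$has_uri = FALSE;` before the branch that sets it (above this hunk) would fix the notice at its source and let the condition stay as `$has_uri AND ...`. The same condition compares `strtolower($mod->info('model_name'))` to `$module` with loose `==` and without lower-casing `$module`; if `$module` is expected to be lower-case already, a short comment saying so would help. The enclosing method begins and ends outside the hunk.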