authorvincent-peugnet <v.peugnet@free.fr>2019-01-15 04:02:13 +0100
committervincent-peugnet <v.peugnet@free.fr>2019-01-15 04:02:13 +0100
commit8e79f279938f0fff64ddd381d073c2c277dd2d5c (patch)
treebfb4b6f596b148e5d4b07ff9db0030b212bf6d28 /app/class/controlleruser.php
parent393709dcf84776c760146722560816172167fe98 (diff)
parentb361e2e5d5bdb6cc6256d50f8292c910fc4d3de0 (diff)
downloadwcms-8e79f279938f0fff64ddd381d073c2c277dd2d5c.tar.gz
wcms-8e79f279938f0fff64ddd381d073c2c277dd2d5c.zip
Merge branch 'implement-passwordhash' into develop
Diffstat (limited to 'app/class/controlleruser.php')
-rw-r--r--app/class/controlleruser.php15
1 files changed, 12 insertions, 3 deletions
diff --git a/app/class/controlleruser.php b/app/class/controlleruser.php
index 2b32993..65fb2bc 100644
--- a/app/class/controlleruser.php
+++ b/app/class/controlleruser.php
@@ -23,9 +23,12 @@ class Controlleruser extends Controller
$user = new User($_POST);
if(empty($user->id()) || $this->usermanager->get($user)) {
$this->routedirectget('user', ['error' => 'wrong_id']);
- } elseif(empty($user->password()) || $this->usermanager->passwordexist($user->password())) {
+ } elseif(empty($user->password()) || $this->usermanager->passwordexist($user->password()) || !$user->validpassword()) {
$this->routedirectget('user', ['error' => 'change_password']);
} else {
+ if($user->passwordhashed()) {
+ $user->hashpassword();
+ }
$this->usermanager->add($user);
$this->routedirect('user');
}
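Review bot: Hashing in the added `if($user->passwordhashed())` block depends on a flag of an object built with `new User($_POST)`, so the request appears to decide whether the password is stored hashed; a create request without that field would, as far as this hunk shows, save the password as submitted. Storage format should not be a client choice: call `$user->hashpassword();` unconditionally before `$this->usermanager->add($user);`. Separately, the retained `passwordexist()` check answers `change_password` when another account already uses the submitted password, which tells the caller that the password is in use, and it presumably cannot match once stored values are salted hashes, so consider removing it. The enclosing method starts and ends outside the hunk.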
@@ -62,13 +65,19 @@ class Controlleruser extends Controller
$userupdate->hydrate($_POST);
if(empty($userupdate->id())) {
$this->routedirectget('user', ['error' => 'wrong_id']);
- } elseif (!empty($_POST['password']) && (empty($userupdate->password()) || $this->usermanager->passwordexist($userupdate->password()))) {
- $this->routedirectget('user', ['error' => 'change_password']);
+ } elseif (!empty($_POST['password']) && (empty($userupdate->password()) || $this->usermanager->passwordexist($userupdate->password()) || !$userupdate->validpassword())) {
+ $this->routedirectget('user', ['error' => 'password_unvalid']);
} elseif (empty($userupdate->level())) {
$this->routedirectget('user', ['error' => 'wrong_level']);
} elseif ($user->level() === 10 && $userupdate->level() !== 10 && $this->user->id() === $user->id()) {
$this->routedirectget('user', ['error' => 'cant_edit_yourself']);
} else {
+ if($userupdate->password() !== $user->password() && $user->passwordhashed()) {
+ $userupdate->setpasswordhashed(false);
+ }
+ if($userupdate->passwordhashed() && !$user->passwordhashed()) {
+ $userupdate->hashpassword();
+ }
$this->usermanager->add($userupdate);
$this->routedirect('user');
}
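Review bot: Changing the password of an account that is already hashed appears to store the new password unhashed: the first added `if` calls `setpasswordhashed(false)`, and the second only hashes when `!$user->passwordhashed()`, which is false for exactly that account. The test `$userupdate->password() !== $user->password()` also compares the submitted text with what is presumably a stored hash, so it says little about whether the password really changed. Hash whenever a new password was submitted, for example `if (!empty($_POST['password'])) { $userupdate->hashpassword(); }`, rather than deriving it from the two flags; `hashpassword()` and `setpasswordhashed()` are defined outside this page, so confirm their behaviour. The error key here becomes `password_unvalid` while the create path in the first hunk still returns `change_password`. The enclosing method starts and ends outside the hunk.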