user manage password close #69

users can change their passwords themself

4 files changed, 18 insertions, 6 deletions

diff --git a/app/class/Application.php b/app/class/Application.php
index 4ddf37e..48d898c 100644
--- a/app/class/Application.php
+++ b/app/class/Application.php
@@ -129,7 +129,7 @@ class Application
         <h2>
         <label for="password">Your password</label>
         </h2>
-        <input type="password" name="userinit[password]" id="password" minlength="4" maxlength="64" required>
+        <input type="password" name="userinit[password]" id="password" minlength="<?= Wcms\Model::PASSWORD_MIN_LENGTH ?>" maxlength="<?= Wcms\Model::PASSWORD_MAX_LENGTH ?>" required>
         <p><i>Your user passworder as first administrator.</i></p>
         </div>
         <input type="submit" value="set">
diff --git a/app/class/Controlleruser.php b/app/class/Controlleruser.php
index b148f5b..1586679 100644
--- a/app/class/Controlleruser.php
+++ b/app/class/Controlleruser.php
@@ -33,6 +33,9 @@ class Controlleruser extends Controller
         if($this->user->iseditor()) {
             $user = $this->usermanager->get($this->user);
             $user->hydrate($_POST);
+            if ($_POST['passwordhash']) {
+                $user->hashpassword();
+            }
             $this->usermanager->add($user);
             $this->routedirect('user');
         } else {
diff --git a/app/class/Model.php b/app/class/Model.php
index 6a8f111..1d8d27a 100644
--- a/app/class/Model.php
+++ b/app/class/Model.php
@@ -88,7 +88,6 @@ abstract class Model
 	const TEXT_ELEMENTS = ['header', 'nav', 'main', 'aside', 'footer'];
 
 	const MAX_ID_LENGTH = 64;
-	const PASSWORD_HASH = true;
 	const PASSWORD_MIN_LENGTH = 4;
 	const PASSWORD_MAX_LENGTH = 32;
 
diff --git a/app/class/User.php b/app/class/User.php
index b735309..518b096 100644
--- a/app/class/User.php
+++ b/app/class/User.php
@@ -208,11 +208,21 @@ class User extends Item
 
 
 
-
-    public function hashpassword()
+    /**
+     * Hash the password and set `$passwordhashed` to true.
+     * 
+     * @return bool true in cas of success, otherwise false.
+     */
+    public function hashpassword() : bool
     {
-        $this->password = password_hash($this->password, PASSWORD_DEFAULT);
-        $this->passwordhashed = true;
+        $hashedpassword = password_hash($this->password, PASSWORD_DEFAULT);
+        if (!empty($hashedpassword)) {
+            $this->password = $hashedpassword;
+            $this->passwordhashed = true;
+            return true;
+        } else {
+            return false;
+        }
     }
 
     public function validpassword()