disable password autocomplete and fix password not hashed on update

2021-06-14 21:43:03 +02:00 · 2021-06-14 21:43:03 +02:00 · 7a20cbb286
parent 17d91873d4
commit 7a20cbb286
4 changed files with 4 additions and 4 deletions
--- a/controllers/publics/User.php
+++ b/controllers/publics/User.php
@ -390,7 +390,7 @@ class User extends \descartes\Controller

            if ($password)
            {
-                $updated_user['password'] = $password;
+                $updated_user['password'] = password_hash($password, PASSWORD_DEFAULT);
            }

            $success = $this->internal_user->update($id_user, $updated_user, $quota);
--- a/templates/account/show.php
+++ b/templates/account/show.php
@ -53,7 +53,7 @@
 										<form action="<?php echo \descartes\Router::url('Account', 'update_password', ['csrf' => $_SESSION['csrf']]); ?>" method="POST">
 											<div class="form-group">
 												<label>Mot de passe :</label>
-												<input name="password" type="password" class="form-control" placeholder="Nouveau mot de passe" />
+												<input name="password" type="password" class="form-control" placeholder="Nouveau mot de passe" autocomplete="new-password" />
 											</div>	
 											<div class="text-center">
 												<button class="btn btn-success">Mettre à jour les données</button>	
--- a/templates/user/add.php
+++ b/templates/user/add.php
@ -49,7 +49,7 @@
 									<label>Mot de passe (laissez vide pour générer le mot de passe automatiquement)</label>
 									<div class="form-group input-group">
 										<span class="input-group-addon"><span class="fa fa-lock"></span></span>
-                                        <input name="password" class="form-control" type="password" placeholder="Mot de passe de l'utilisateur" value="<?php $this->s($_SESSION['previous_http_post']['password'] ?? ''); ?>">
+                                        <input name="password" class="form-control" type="password" placeholder="Mot de passe de l'utilisateur" autocomplete="new-password" value="<?php $this->s($_SESSION['previous_http_post']['password'] ?? ''); ?>">
 									</div>
 								</div>
                                <div class="form-group">
--- a/templates/user/edit.php
+++ b/templates/user/edit.php
@ -50,7 +50,7 @@
                                        <label>Mot de passe (laissez vide pour conserver le mot de passe actuel)</label>
                                        <div class="form-group input-group">
                                            <span class="input-group-addon"><span class="fa fa-lock"></span></span>
-                                            <input name="users[<?php $this->s($user['id']); ?>][password]" class="form-control" type="password" placeholder="Mot de passe de l'utilisateur" value="">
+                                            <input name="users[<?php $this->s($user['id']); ?>][password]" class="form-control" type="password" autocomplete="new-password" placeholder="Mot de passe de l'utilisateur" value="">
                                        </div>
                                    </div>
                                    <div class="form-group">