Mascali
/
raspisms
mirror of https://github.com/RaspbianFrance/raspisms.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

disable password autocomplete and fix password not hashed on update

This commit is contained in:
osaajani 2021-06-14 21:43:03 +02:00
parent 17d91873d4
commit 7a20cbb286
4 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
controllers/publics/User.php
View File

@ -390,7 +390,7 @@ class User extends \descartes\Controller
if ($password) if ($password)
{ {
$updated_user['password'] = $password; $updated_user['password'] = password_hash($password, PASSWORD_DEFAULT);
} }
$success = $this->internal_user->update($id_user, $updated_user, $quota); $success = $this->internal_user->update($id_user, $updated_user, $quota);

2
templates/account/show.php
View File

@ -53,7 +53,7 @@
<form action="<?php echo \descartes\Router::url('Account', 'update_password', ['csrf' => $_SESSION['csrf']]); ?>" method="POST"> <form action="<?php echo \descartes\Router::url('Account', 'update_password', ['csrf' => $_SESSION['csrf']]); ?>" method="POST">
<div class="form-group"> <div class="form-group">
<label>Mot de passe :</label> <label>Mot de passe :</label>
<input name="password" type="password" class="form-control" placeholder="Nouveau mot de passe" /> <input name="password" type="password" class="form-control" placeholder="Nouveau mot de passe" autocomplete="new-password" />
</div> </div>
<div class="text-center"> <div class="text-center">
<button class="btn btn-success">Mettre à jour les données</button> <button class="btn btn-success">Mettre à jour les données</button>

2
templates/user/add.php
View File

@ -49,7 +49,7 @@
<label>Mot de passe (laissez vide pour générer le mot de passe automatiquement)</label> <label>Mot de passe (laissez vide pour générer le mot de passe automatiquement)</label>
<div class="form-group input-group"> <div class="form-group input-group">
<span class="input-group-addon"><span class="fa fa-lock"></span></span> <span class="input-group-addon"><span class="fa fa-lock"></span></span>
<input name="password" class="form-control" type="password" placeholder="Mot de passe de l'utilisateur" value="<?php $this->s($_SESSION['previous_http_post']['password'] ?? ''); ?>"> <input name="password" class="form-control" type="password" placeholder="Mot de passe de l'utilisateur" autocomplete="new-password" value="<?php $this->s($_SESSION['previous_http_post']['password'] ?? ''); ?>">
</div> </div>
</div> </div>
<div class="form-group"> <div class="form-group">

2
templates/user/edit.php
View File

@ -50,7 +50,7 @@
<label>Mot de passe (laissez vide pour conserver le mot de passe actuel)</label> <label>Mot de passe (laissez vide pour conserver le mot de passe actuel)</label>
<div class="form-group input-group"> <div class="form-group input-group">
<span class="input-group-addon"><span class="fa fa-lock"></span></span> <span class="input-group-addon"><span class="fa fa-lock"></span></span>
<input name="users[<?php $this->s($user['id']); ?>][password]" class="form-control" type="password" placeholder="Mot de passe de l'utilisateur" value=""> <input name="users[<?php $this->s($user['id']); ?>][password]" class="form-control" type="password" autocomplete="new-password" placeholder="Mot de passe de l'utilisateur" value="">
</div> </div>
</div> </div>
<div class="form-group"> <div class="form-group">