Fixed issue #9430: AuditLog: Password logged as modified every time a…

…n user is modified Dev: Before, fake hashes were saved. After this patch, we save a descriptive message
LimeSurvey · Dec 29, 2014 · 25c0231 · 25c0231
1 parent 07a060a
commit 25c0231
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/plugins/AuditLog/AuditLog.php b/plugins/AuditLog/AuditLog.php
@@ -162,19 +162,24 @@ public function beforeUserSave()
                 $sAction='create';
                 $aOldValues=array();
                 // Indicate the password has changed but assign fake hash
-                $aNewValues['password']=hash('md5','67890');
+                $aNewValues['password']='*MASKED*PASSWORD*';
             }
             else
             {                
                 $oOldUser=$this->api->getUser($oUserData->uid);
                 $sAction='update';
                 $aOldValues=$oOldUser->getAttributes();
 
+                // Postgres delivers bytea fields as streams
+                if (gettype($aOldValues['password'])=='resource')
+                {
+                    $aOldValues['password'] = stream_get_contents($aOldValues['password']);
+                }
                 // If the password has changed then indicate that it has changed but assign fake hashes
                 if ($aNewValues['password']!=$aOldValues['password'])
                 {
-                    $aOldValues['password']=hash('md5','12345');
-                    $aNewValues['password']=hash('md5','67890');
+                    $aOldValues['password']='*MASKED*OLD*PASSWORD*';
+                    $aNewValues['password']='*MASKED*NEW*PASSWORD*';
                 };
             }