Merge pull request #307 from laf/issue-laf-53

Updated adduser to check for existing user and use password hashing
librenms · Oct 11, 2014 · b400ff8 · b400ff8
2 parents 7b26b4d + 7f95922
commit b400ff8
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/html/includes/authentication/http-auth.inc.php b/html/includes/authentication/http-auth.inc.php
@@ -49,7 +49,13 @@ function auth_usermanagement()
 
 function adduser($username, $password, $level, $email = "", $realname = "", $can_modify_passwd = '1')
 {
-  return dbInsert(array('username' => $username, 'password' => $password, 'level' => $level, 'email' => $email, 'realname' => $realname), 'users');
+    if (!user_exists($username)) {
+        $hasher = new PasswordHash(8, FALSE);
+        $encrypted = $hasher->HashPassword($password);
+        return dbInsert(array('username' => $username, 'password' => $encrypted, 'level' => $level, 'email' => $email, 'realname' => $realname), 'users');
+    } else {
+        return FALSE;
+    }
 }
 
 function user_exists($username)