Merge branch 'password-update'

cdevroe · Jan 15, 2014 · ef55839 · ef55839
2 parents 97cc111 + b04eb10
commit ef55839
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/application/models/users_model.php b/application/models/users_model.php
@@ -132,6 +132,16 @@ function check_user_credentials()
         }
         else {
             $match = (md5($password) == $encrypted_password) ? true : false;
+
+            // Try to update to new password security since they are on old MD5
+            $hash  = generateHash($password);
+
+            // If hash is valid and match is valid
+            // Upgrade users to new encryption routine
+            if ($hash !== false && $match === true) {
+                $this->db->update('users', array('password' => $hash['encrypted'],'salt' => $hash['salt']), array('email' => $email));
+            }
+
         }
 
         // If a match, return array, else false

diff --git a/application/views/changelog.php b/application/views/changelog.php
@@ -5,6 +5,11 @@
     <h2>Changelog</h2>
 		<p>A quick list of what's new. Posted immediately upon update.</p>
 
+        <h4 id="0310"><a href="#0310">0.3.10 - 15 January 2014</a></h4>
+          <ul>
+            <li>Update: Users with old password encryption technique will be update to new encrypted password/salt upon next successful login.</li>
+          </ul>
+
         <h4 id="039"><a href="#039">0.3.9 - 15 January 2014</a></h4>
           <ul>
             <li>Bug: Fixing password issue. Forgot to store salt, DERP!</li>