auth_base: choose random password if not supplied by auth module

master
Andrew Dolgov 12 years ago
parent a4fd183b58
commit ea46d90eee

@ -16,10 +16,12 @@ class Auth_Base {
// Auto-creates specified user if allowed by system configuration // Auto-creates specified user if allowed by system configuration
// Can be used instead of find_user_by_login() by external auth modules // Can be used instead of find_user_by_login() by external auth modules
function auto_create_user($login, $password) { function auto_create_user($login, $password = false) {
if ($login && defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE) { if ($login && defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE) {
$user_id = $this->find_user_by_login($login); $user_id = $this->find_user_by_login($login);
if (!$password) $password = make_password();
if (!$user_id) { if (!$user_id) {
$login = $this->dbh->escape_string($login); $login = $this->dbh->escape_string($login);
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);

Loading…
Cancel
Save