[Noalyss-commit] [noalyss] 08/09: Adapt to security change

[Dany De Bontridder]

sparkyx pushed a commit to branch devel
in repository noalyss.

commit ad125d0321e3ced5b2013aa92ecf383f14c15135
Author: sparkyx <danydb@noalyss.eu>
AuthorDate: Sun Jan 16 12:50:15 2022 +0100

    Adapt to security change
---
 include/class/user.class.php | 6 ++++--
 unit-test/global.php         | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/include/class/user.class.php b/include/class/user.class.php
index 6bd612b5..405c96fa 100644
--- a/include/class/user.class.php
+++ b/include/class/user.class.php
@@ -42,7 +42,7 @@ class User
     var $name;
     var $active; //!< 1 active , 0 disables
     var $login; //!< login lower case
-    var $password; //!< password 
+    var $password; //!< md5 of the password
     var $email; //!< user's email
     var $access_mode; //!< MOBILE or PC depending if when connecting $login 
contains @mobile 
 
@@ -66,7 +66,9 @@ class User
     function can_connect()
     {
        $cn=new \Database();
-       $can_connect=$cn->get_value("select count(*) from ac_users where 
use_login=$1 and use_pass=$2",
+       $can_connect=$cn->get_value("select count(*) from ac_users 
+                                  where use_active=1 and
+                                  use_login=$1 and use_pass=$2",
                [$this->login,$this->password]);
        return $can_connect;
     }
diff --git a/unit-test/global.php b/unit-test/global.php
index 309b5747..65d6ad84 100644
--- a/unit-test/global.php
+++ b/unit-test/global.php
@@ -32,7 +32,7 @@ $g_parameter = new Noalyss_Parameter_Folder($g_connection);
 $_SESSION[SESSION_KEY.'use_name']='unit test';
 $_SESSION[SESSION_KEY.'use_first_name']='automatic';
 $_SESSION[SESSION_KEY.'g_user']='admin';
-$_SESSION[SESSION_KEY.'g_pass']='phpcompta';
+$_SESSION[SESSION_KEY.'g_pass']=md5('dany');
 $_SESSION[SESSION_KEY.'g_pagesize']='50';
 $_SESSION[SESSION_KEY.'csv_fieldsep']='0';
 $_SESSION[SESSION_KEY.'csv_decimal']='1';