X-Git-Url: https://ruin.nu/git/?a=blobdiff_plain;ds=sidebyside;f=lib%2FNDWeb%2FController%2FSettings.pm;h=a9aaf96faf6b7d0a22c3939fab5c299cb7a89f71;hb=ab1ec1721c11a109546e162f87488db7dcfb9108;hp=3f09a435f8e57979dfa99e37b466432c901900bb;hpb=d5a506d05cc2bf53a76b6bf4beef12a34aedf023;p=ndwebbie.git

diff --git a/lib/NDWeb/Controller/Settings.pm b/lib/NDWeb/Controller/Settings.pm
index 3f09a43..a9aaf96 100644
--- a/lib/NDWeb/Controller/Settings.pm
+++ b/lib/NDWeb/Controller/Settings.pm
@@ -112,10 +112,16 @@ sub changePassword : Local {
 	my ( $self, $c ) = @_;
 	my $dbh = $c->model;
 
-	my $query = $dbh->prepare(q{UPDATE users SET password = MD5($1)
-		WHERE password = MD5($2) AND uid = $3
+	if (length $c->req->param('pass') < 4) {
+		$c->flash(error => "Your password need to be at least 4 characters");
+	} else {
+		my $query = $dbh->prepare(q{UPDATE users SET password = $1
+			WHERE password = crypt($2,password) AND uid = $3
 		});
-	$query->execute($c->req->param('pass'),$c->req->param('oldpass'),$c->user->id);
+		$query->execute($c->req->param('pass'),$c->req->param('oldpass'),$c->user->id);
+
+		$c->flash(error => "Old password was invalid") unless $query->rows;
+	}
 
 	$c->res->redirect($c->uri_for(''));
 }