From c5b1c39b80a592a4d05fd969566fe8766c1448ae Mon Sep 17 00:00:00 2001 From: "conan (aka Fernando L. Canizo)" Date: Tue, 26 Apr 2011 11:47:11 -0300 Subject: [PATCH] Bug 3674: reimplementation MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit 05eb43f5fc00889420e03845b5059d80bf1663ad reverted a previous implementation of 3674. 3674 was encoding the password field when it was meant to be disabled (password='!'), and then, in Auth.pm we were trying to compare an encoded '!' with '!', which will never succeed. This gets sure we encode only provided passwords and also includes an auto generated login. Signed-off-by: Frédéric Demians Signed-off-by: Ian Walls Signed-off-by: Chris Cormack --- C4/Members.pm | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/C4/Members.pm b/C4/Members.pm index aab3caa6bc..9049534fb3 100644 --- a/C4/Members.pm +++ b/C4/Members.pm @@ -802,8 +802,10 @@ Returns as undef upon any db error without further processing sub AddMember { my (%data) = @_; my $dbh = C4::Context->dbh; - $data{'userid'} = '' unless $data{'password'}; - $data{'password'} = md5_base64( $data{'password'} ) if $data{'password'}; + # generate a proper login if none provided + $data{'userid'} = Generate_Userid($data{'borrowernumber'}, $data{'firstname'}, $data{'surname'}) if $data{'userid'} eq ''; + # create a disabled account if no password provided + $data{'password'} = ($data{'password'})? md5_base64($data{'password'}) : '!'; $data{'borrowernumber'}=InsertInTable("borrowers",\%data); # mysql_insertid is probably bad. not necessarily accurate and mysql-specific at best. logaction("MEMBERS", "CREATE", $data{'borrowernumber'}, "") if C4::Context->preference("BorrowersLog"); -- 2.39.5