auth_base: choose random password if not supplied by auth module

This commit is contained in:
Andrew Dolgov 2013-05-07 12:36:09 +04:00
parent a4fd183b58
commit ea46d90eee

View file

@ -16,10 +16,12 @@ class Auth_Base {
// Auto-creates specified user if allowed by system configuration
// Can be used instead of find_user_by_login() by external auth modules
function auto_create_user($login, $password) {
function auto_create_user($login, $password = false) {
if ($login && defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE) {
$user_id = $this->find_user_by_login($login);
if (!$password) $password = make_password();
if (!$user_id) {
$login = $this->dbh->escape_string($login);
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);