| author | Columbiysky <c.7843543@gmail.com> | 2025-05-03 12:27:53 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-05-03 12:27:53 +0300 |
| commit | 85cbad3ef420ffdd7fec8657d247fdfe5e03903d (patch) | |
| tree | 56036fc74abb46dd5de231bd8eeeeea50e6fcf0c /web/controller/setting.go | |
| parent | 3d54e330514293e9385258da773be1a0e927a7f5 (diff) | |
feat: hashing user passwords
solves problems #2944, #2783
Diffstat (limited to 'web/controller/setting.go')
| -rw-r--r-- | web/controller/setting.go | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/web/controller/setting.go b/web/controller/setting.go
index d04969dc..1ca65b07 100644
--- a/web/controller/setting.go
+++ b/web/controller/setting.go
@@ -4,6 +4,7 @@ import (
 "errors"
 "time"
+ "x-ui/util/crypto"
 "x-ui/web/entity"
 "x-ui/web/service"
 "x-ui/web/session"
@@ -84,7 +85,7 @@ func (a *SettingController) updateUser(c *gin.Context) {
 return
 }
 user := session.GetLoginUser(c)
- if user.Username != form.OldUsername || user.Password != form.OldPassword {
+ if user.Username != form.OldUsername || !crypto.CheckPasswordHash(user.Password, form.OldPassword) {
 jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifyUser"), errors.New(I18nWeb(c, "pages.settings.toasts.originalUserPassIncorrect")))
 return
 }
@@ -95,7 +96,7 @@ func (a *SettingController) updateUser(c *gin.Context) {
 err = a.userService.UpdateUser(user.Id, form.NewUsername, form.NewPassword)
 if err == nil {
 user.Username = form.NewUsername
- user.Password = form.NewPassword
+ user.Password, _ = crypto.HashPasswordAsBcrypt(form.NewPassword)
 session.SetLoginUser(c, user)
 }
 jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifyUser"), err) |
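Review bot: The old-password check in the second hunk verifies against `user.Password` taken from `session.GetLoginUser(c)`, which is the hash cached in the session at login rather than the value currently stored for the account. If the password was changed from another session, this session still accepts the previous password as proof of identity for a credential change. The cached copy would also fail to verify if the session predates this commit and still holds a plaintext value (inferred; no migration is visible here). Consider loading the current hash through the user service before calling `crypto.CheckPasswordHash`, and at minimum add `// user.Password is the bcrypt hash cached in the session at login, not the plaintext` above the condition. updateUser starts and ends outside this hunk.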
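Review bot: The error from `crypto.HashPasswordAsBcrypt` is discarded in the third hunk, so a failed hash leaves `user.Password` empty in the session while the handler still reports success. If the helper wraps Go's bcrypt package, that can happen for passwords longer than 72 bytes, which that package rejects (assumption; the helper is not shown). Keep the error so it reaches the final `jsonMsg` call: `user.Password, err = crypto.HashPasswordAsBcrypt(form.NewPassword)`, and call `session.SetLoginUser(c, user)` only when `err == nil`. This call also computes a second hash with a fresh salt, separate from whatever `UpdateUser` stored, so having the service hand back the stored hash would avoid the duplicate work and keep the session copy identical to the record. The function body continues outside the hunk.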
