From 44004fa372c411e6bc33394434a9cdde8ec73e11 Mon Sep 17 00:00:00 2001
From: Jesusaves <cpntb1@ymail.com>
Date: Sun, 23 Jan 2022 14:47:09 -0300
Subject: Use TMW hash on user password when changing it. It is not really an
 improvement, and is only used when changing password.

Server still handles it internally as plain-text, but should avoid
the password from being reused in a compromise... Maybe.
---
 src/elogin/parse.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/elogin/parse.c b/src/elogin/parse.c
index 9156cb4..73e1ab1 100644
--- a/src/elogin/parse.c
+++ b/src/elogin/parse.c
@@ -206,7 +206,8 @@ void elogin_parse_change_paassword(int fd)
     {
         // changed ok
         status = 1;
-        safestrncpy(acc.pass, new_pass, sizeof(acc.pass));
+        // Hash password
+        safestrncpy(acc.pass, MD5_saltcrypt(new_pass, make_salt()), sizeof(acc.pass));
         login->accounts->save(login->accounts, &acc);
     }
     else
-- 
cgit v1.2.3-60-g2f50