From 7f959221607542c49b0ba29e2e8e6dcd2c9f95e9 Mon Sep 17 00:00:00 2001
From: laf <neil@lathwood.co.uk>
Date: Mon, 6 Oct 2014 18:39:48 +0100
Subject: [PATCH] Updated adduser to check for existing user and use password
 hashing

---
 html/includes/authentication/http-auth.inc.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/html/includes/authentication/http-auth.inc.php b/html/includes/authentication/http-auth.inc.php
index 651785966d..883cd2d08d 100644
--- a/html/includes/authentication/http-auth.inc.php
+++ b/html/includes/authentication/http-auth.inc.php
@@ -49,7 +49,13 @@ function auth_usermanagement()
 
 function adduser($username, $password, $level, $email = "", $realname = "", $can_modify_passwd = '1')
 {
-  return dbInsert(array('username' => $username, 'password' => $password, 'level' => $level, 'email' => $email, 'realname' => $realname), 'users');
+    if (!user_exists($username)) {
+        $hasher = new PasswordHash(8, FALSE);
+        $encrypted = $hasher->HashPassword($password);
+        return dbInsert(array('username' => $username, 'password' => $encrypted, 'level' => $level, 'email' => $email, 'realname' => $realname), 'users');
+    } else {
+        return FALSE;
+    }
 }
 
 function user_exists($username)