Separated the persisted password (hashedPassword) from the password sent from the web request. Improved JSON serialization so it doesnt send as a response the hashed password and salt.

1 files changed, 4 insertions, 4 deletions

diff --git a/debug.xml b/debug.xml
index 84587f293..01bb66d60 100644
--- a/debug.xml
+++ b/debug.xml
@@ -43,7 +43,7 @@
         id INT PRIMARY KEY AUTO_INCREMENT,
         name VARCHAR(1024) NOT NULL,
         email VARCHAR(256) NOT NULL UNIQUE,
-        password VARCHAR(1024) NOT NULL,
+        hashedPassword VARCHAR(1024) NOT NULL,
         salt VARCHAR(1024) DEFAULT '' NOT NULL,
         readonly BOOLEAN DEFAULT false NOT NULL,
         admin BOOLEAN DEFAULT false NOT NULL,
@@ -141,8 +141,8 @@
     </entry>
 
     <entry key='database.insertUser'>
-        INSERT INTO user (name, email, password, salt, admin) 
-        VALUES (:name, :email, :password, :salt, :admin);
+        INSERT INTO user (name, email, hashedPassword, salt, admin)
+        VALUES (:name, :email, :hashedPassword, :salt, :admin);
     </entry>
         
     <entry key='database.updateUser'>
@@ -154,7 +154,7 @@
     </entry>
 
     <entry key='database.updateUserPassword'>
-        UPDATE user SET password = :password, salt = :salt WHERE id = :id;
+        UPDATE user SET hashedPassword = :hashedPassword, salt = :salt WHERE id = :id;
     </entry>
     
     <entry key='database.deleteUser'>