BUG 6255 User passwords are stored in clear text in the database

Passwords were stored in clear text just in some circunstances.. specially when the user it self change its password. Now every time PM stores a password it is stored encrypted.

workflow/engine/methods/users/myInfo_Save.php

@@ -67,7 +67,7 @@ try {ini_set('display_errors','1');
 	    $aData['USR_PASSWORD'] = $_POST['form']['USR_PASSWORD'];
 	    require_once 'classes/model/UsersProperties.php';
       $oUserProperty = new UsersProperties();
-      $aUserProperty = $oUserProperty->loadOrCreateIfNotExists($_POST['form']['USR_UID'], array('USR_PASSWORD_HISTORY' => serialize(array($_POST['form']['USR_NEW_PASS']))));
+      $aUserProperty = $oUserProperty->loadOrCreateIfNotExists($_POST['form']['USR_UID'], array('USR_PASSWORD_HISTORY' => serialize(array(md5($_POST['form']['USR_NEW_PASS'])))));
       $aErrors       = $oUserProperty->validatePassword($_POST['form']['USR_NEW_PASS'], $aUserProperty['USR_LAST_UPDATE_DATE'], $aUserProperty['USR_LOGGED_NEXT_TIME']);
       if (count($aErrors) > 0) {
         $sDescription = G::LoadTranslation('ID_POLICY_ALERT').':<br /><br />';
@@ -168,4 +168,4 @@ try {ini_set('display_errors','1');
 catch (Exception $oException) {
 	die($oException->getMessage());
 }
-?>
+?>

workflow/engine/methods/users/users_Save.php

@@ -135,7 +135,7 @@ try {
         $aData['USR_PASSWORD'] = $form['USR_PASSWORD'];
         require_once 'classes/model/UsersProperties.php';
         $oUserProperty = new UsersProperties();
-        $aUserProperty = $oUserProperty->loadOrCreateIfNotExists($form['USR_UID'], array('USR_PASSWORD_HISTORY' => serialize(array($form['USR_PASSWORD']))));
+        $aUserProperty = $oUserProperty->loadOrCreateIfNotExists($form['USR_UID'], array('USR_PASSWORD_HISTORY' => serialize(array(md5($form['USR_PASSWORD'])))));
         
         $RBAC->loadUserRolePermission( 'PROCESSMAKER', $_SESSION['USER_LOGGED'] );
          if( $RBAC->aUserInfo[ 'PROCESSMAKER' ]['ROLE']['ROL_CODE']=='PROCESSMAKER_ADMIN'){