From 08a3c5ac7f88f86e28dce0e899ac36433a68add0 Mon Sep 17 00:00:00 2001
From: Evan Prodromou <evan@prodromou.name>
Date: Mon, 25 Aug 2008 14:41:04 -0400
Subject: [PATCH] use better SQL date, fix security problem with OpenID logins

darcs-hash:20080825184104-84dde-5735c1791002a12c3417603dc85da31ea868f263.gz
---
 classes/User.php | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/classes/User.php b/classes/User.php
index 491f68df24..1a650c4242 100644
--- a/classes/User.php
+++ b/classes/User.php
@@ -148,6 +148,8 @@ class User extends DB_DataObject
 	
 	static function register($fields) {
 
+		# MAGICALLY put fields into current scope
+		
 		extract($fields);
 		
 		$profile = new Profile();
@@ -169,7 +171,8 @@ class User extends DB_DataObject
 		if ($location) {
 			$profile->location = $location;
 		}
-		$profile->created = DB_DataObject_Cast::dateTime(); # current time
+		
+		$profile->created = common_sql_now();
 		
 		$id = $profile->insert();
 
@@ -182,8 +185,12 @@ class User extends DB_DataObject
 		
 		$user->id = $id;
 		$user->nickname = $nickname;
-		$user->password = common_munge_password($password, $id);
-		$user->created =  DB_DataObject_Cast::dateTime(); # current time
+
+		if ($password) { # may not have a password for OpenID users
+			$user->password = common_munge_password($password, $id);
+		}
+		
+		$user->created = common_sql_now();
 		$user->uri = common_user_uri($user);
 
 		$result = $user->insert();