allow captured password for operationMode=local as well

cron.php

@@ -19,7 +19,9 @@ require_once(__DIR__ . "/language.php");
 require_once(__DIR__ . "/mail_templates.php");
 require_once(__DIR__ . "/database.php");
 
-$sql = "SELECT id, first_name, last_name, username, email, state, note, verify_token, admin_token FROM registrations "
+$sql = "SELECT id, first_name, last_name, username, password, email,"
+        . " state, note, verify_token, admin_token "
+        . "FROM registrations "
         . "WHERE state = " . RegisterState::PendingEmailSend
         . " OR state = " . RegisterState::PendingAdminSend
         . " OR state = " . RegisterState::PendingRegistration
@@ -87,7 +89,7 @@ foreach ($mx_db->query($sql) as $row) {
                         break;
                     case "local":
                         // register by adding a user to the local database
-                        $password = $mx_db->addUser($row["first_name"], $row["last_name"], $row["username"], $row["email"]);
+                        $password = $mx_db->addUser($row["first_name"], $row["last_name"], $row["username"], $row["password"], $row["email"]);
                         break;
                     default:
                         throw new Exception("Unknown operationMode");

database.php

@@ -98,7 +98,7 @@ class mxDatabase {
 			)");
         // make sure the bot is allowed to login
         if (!$this->userRegistered("register_bot")) {
-            $password = $this->addUser("Register", "Bot", "register_bot", $config["register_email"]);
+            $password = $this->addUser("Register", "Bot", "register_bot", NULL, $config["register_email"]);
             $config["register_password"] = $password;
             $myfile = fopen(dirname(__FILE__) . "/config.json", "w");
             fwrite($myfile, json_encode($config, JSON_PRETTY_PRINT));
@@ -283,14 +283,16 @@ class mxDatabase {
      * 			NULL when failed
      *
      */
-    function addUser($first_name, $last_name, $username, $email) {
+    function addUser($first_name, $last_name, $username, $password, $email) {
         // check if user already exists and abort in that case
         if ($this->userRegistered($username)) {
             return NULL;
         }
 
-        // generate a password with 10 characters
+        if ($password == NULL) {
-        $password = bin2hex(openssl_random_pseudo_bytes(5));
+            // generate a password with 10 characters
+            $password = bin2hex(openssl_random_pseudo_bytes(5));
+        }
         $password_hash = password_hash($password, PASSWORD_BCRYPT, ["cost" => 12]);
 
         $sql = "INSERT INTO logins (first_name, last_name, localpart, password_hash, email) VALUES "

public/verify_admin.php

@@ -72,16 +72,16 @@ try {
 
         $password = NULL;
         $use_db_password = (isset($config["getPasswordOnRegistration"]) && $config["getPasswordOnRegistration"]);
+        if ($use_db_password && isset($user["password"]) && strlen($user["password"]) > 0) {
+            $password = $user["password"];
+        } else {
+            $use_db_password = false;
+            // generate a password with 10 characters
+            $password = bin2hex(openssl_random_pseudo_bytes(5));
+        }
         switch ($config["operationMode"]) {
             case "synapse":
                 // register with registration_shared_secret
-                if ($use_db_password && isset($user["password"]) && strlen($user["password"]) > 0) {
-                    $password = $user["password"];
-                } else {
-                    $use_db_password = false;
-                    // generate a password with 10 characters
-                    $password = bin2hex(openssl_random_pseudo_bytes(5));
-                }
                 $res = $mxConn->register($username, $password, $config["registration_shared_secret"]);
                 if (!$res) {
                     // something went wrong while registering
@@ -90,8 +90,7 @@ try {
                 break;
             case "local":
                 // register by adding a user to the local database
-                $use_db_password = false; // requires restructure to use db-provided pw
+                $password = $mx_db->addUser($first_name, $last_name, $username, $password, $email);
-                $password = $mx_db->addUser($first_name, $last_name, $username, $email);
                 break;
             default:
                 throw new Exception("Unknown operationMode");