Add warning for plaintext passwords, set default password mode to secure

sebastiansterk · sebastiansterk · commit 5dc9b1db12c1 · 2019-08-01T12:55:52.000+02:00
Signed-off-by: Sebastian Sterk &lt;sebastian@wiuwiu.de&gt;
diff --git a/README.md b/README.md
@@ -195,7 +195,7 @@ Add the following to your `config.php`:
                     2 => 'dbuser',
                     3 => 'dbuserpassword',
                     4 => 'xmppdomain',
-		    5 => true,
+                    5 => true,
                 ),
             ),
     ),
@@ -207,6 +207,9 @@ Add the following to your `config.php`:
 4 - XMPP Domain
 5 - Hashed Passwords in Database (true) / Plaintext Passwords in Database (false)
 
+**⚠⚠ Warning:** If you need to set *5 (Hashed Password in Database)* to false, your Prosody Instance is storing passwords in plaintext. This is insecure and not recommended. We highly recommend that you change your Prosody configuration to protect the passwords of your Prosody users. ⚠⚠
+
+
 Alternatives
 ------------
 Other extensions allow connecting to external user databases directly via SQL, which may be faster:
diff --git a/lib/xmpp.php b/lib/xmpp.php
@@ -22,7 +22,7 @@ class OC_User_XMPP extends \OCA\user_external\Base {
 	private $xmppDomain;
 	private $passwordHashed;
 
-	public function __construct($host, $xmppDb, $xmppDbUser, $xmppDbPassword, $xmppDomain, $passwordHashed) {
+	public function __construct($host, $xmppDb, $xmppDbUser, $xmppDbPassword, $xmppDomain, $passwordHashed = true) {
 		parent::__construct($host);
 		$this->host = $host;
 		$this->xmppDb = $xmppDb;
