From 6cc8cefb79c56224473c15b0e3cce6696733ef8e Mon Sep 17 00:00:00 2001 From: tbrehm Date: Mon, 4 Apr 2011 13:45:53 +0000 Subject: [PATCH] Fixed: FS#1560 - Change password encoding in client and reseller edit script. --- interface/web/client/client_edit.php | 19 +++++++++++++++++-- interface/web/client/reseller_edit.php | 19 +++++++++++++++++-- 2 files changed, 34 insertions(+), 4 deletions(-) diff --git a/interface/web/client/client_edit.php b/interface/web/client/client_edit.php index 5878794ba..2df08607e 100644 --- a/interface/web/client/client_edit.php +++ b/interface/web/client/client_edit.php @@ -150,9 +150,17 @@ class page_action extends tform_actions { $active = 1; $language = $app->db->quote($this->dataRecord["language"]); + $salt="$1$"; + $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'; + for ($n=0;$n<8;$n++) { + $salt.=$base64_alphabet[mt_rand(0,63)]; + } + $salt.="$"; + $password = crypt(stripslashes($password),$salt); + // Create the controlpaneluser for the client $sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id) - VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")"; + VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")"; $app->db->query($sql); //* If the user who inserted the client is a reseller (not admin), we will have to add this new client group @@ -193,8 +201,15 @@ class page_action extends tform_actions { // password changed if($conf['demo_mode'] != true && isset($this->dataRecord["password"]) && $this->dataRecord["password"] != '') { $password = $app->db->quote($this->dataRecord["password"]); + $salt="$1$"; + $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'; + for ($n=0;$n<8;$n++) { + $salt.=$base64_alphabet[mt_rand(0,63)]; + } + $salt.="$"; + $password = crypt(stripslashes($password),$salt); $client_id = $this->id; - $sql = "UPDATE sys_user SET passwort = md5('$password') WHERE client_id = $client_id"; + $sql = "UPDATE sys_user SET passwort = '$password' WHERE client_id = $client_id"; $app->db->query($sql); } diff --git a/interface/web/client/reseller_edit.php b/interface/web/client/reseller_edit.php index 1c9a2a1aa..9ab636920 100644 --- a/interface/web/client/reseller_edit.php +++ b/interface/web/client/reseller_edit.php @@ -150,9 +150,17 @@ class page_action extends tform_actions { $active = 1; $language = $app->db->quote($this->dataRecord["language"]); + $salt="$1$"; + $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'; + for ($n=0;$n<8;$n++) { + $salt.=$base64_alphabet[mt_rand(0,63)]; + } + $salt.="$"; + $password = crypt(stripslashes($password),$salt); + // Create the controlpaneluser for the reseller $sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id) - VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")"; + VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")"; $app->db->query($sql); //* set the number of clients to 1 @@ -188,7 +196,14 @@ class page_action extends tform_actions { if($conf['demo_mode'] != true && isset($this->dataRecord["password"]) && $this->dataRecord["password"] != '') { $password = $app->db->quote($this->dataRecord["password"]); $client_id = $this->id; - $sql = "UPDATE sys_user SET passwort = md5('$password') WHERE client_id = $client_id"; + $salt="$1$"; + $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'; + for ($n=0;$n<8;$n++) { + $salt.=$base64_alphabet[mt_rand(0,63)]; + } + $salt.="$"; + $password = crypt(stripslashes($password),$salt); + $sql = "UPDATE sys_user SET passwort = '$password' WHERE client_id = $client_id"; $app->db->query($sql); } -- GitLab