Commit 6cc8cefb authored by tbrehm's avatar tbrehm

Fixed: FS#1560 - Change password encoding in client and reseller edit script.

parent 7c619fc7
......@@ -150,9 +150,17 @@ class page_action extends tform_actions {
$active = 1;
$language = $app->db->quote($this->dataRecord["language"]);
$salt="$1$";
$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
for ($n=0;$n<8;$n++) {
$salt.=$base64_alphabet[mt_rand(0,63)];
}
$salt.="$";
$password = crypt(stripslashes($password),$salt);
// Create the controlpaneluser for the client
$sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")";
VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")";
$app->db->query($sql);
//* If the user who inserted the client is a reseller (not admin), we will have to add this new client group
......@@ -193,8 +201,15 @@ class page_action extends tform_actions {
// password changed
if($conf['demo_mode'] != true && isset($this->dataRecord["password"]) && $this->dataRecord["password"] != '') {
$password = $app->db->quote($this->dataRecord["password"]);
$salt="$1$";
$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
for ($n=0;$n<8;$n++) {
$salt.=$base64_alphabet[mt_rand(0,63)];
}
$salt.="$";
$password = crypt(stripslashes($password),$salt);
$client_id = $this->id;
$sql = "UPDATE sys_user SET passwort = md5('$password') WHERE client_id = $client_id";
$sql = "UPDATE sys_user SET passwort = '$password' WHERE client_id = $client_id";
$app->db->query($sql);
}
......
......@@ -150,9 +150,17 @@ class page_action extends tform_actions {
$active = 1;
$language = $app->db->quote($this->dataRecord["language"]);
$salt="$1$";
$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
for ($n=0;$n<8;$n++) {
$salt.=$base64_alphabet[mt_rand(0,63)];
}
$salt.="$";
$password = crypt(stripslashes($password),$salt);
// Create the controlpaneluser for the reseller
$sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")";
VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")";
$app->db->query($sql);
//* set the number of clients to 1
......@@ -188,7 +196,14 @@ class page_action extends tform_actions {
if($conf['demo_mode'] != true && isset($this->dataRecord["password"]) && $this->dataRecord["password"] != '') {
$password = $app->db->quote($this->dataRecord["password"]);
$client_id = $this->id;
$sql = "UPDATE sys_user SET passwort = md5('$password') WHERE client_id = $client_id";
$salt="$1$";
$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
for ($n=0;$n<8;$n++) {
$salt.=$base64_alphabet[mt_rand(0,63)];
}
$salt.="$";
$password = crypt(stripslashes($password),$salt);
$sql = "UPDATE sys_user SET passwort = '$password' WHERE client_id = $client_id";
$app->db->query($sql);
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment