Commit 70a85881 authored by tbrehm's avatar tbrehm

fixed password encryption mechanism in remoting API.

parent 40843b9d
......@@ -694,7 +694,7 @@ class remoting_lib {
$salt.="$";
$password = crypt(stripslashes($password),$salt);
$sql1 = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)";
VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)";
$app->db->query($sql1);
}
......@@ -703,7 +703,14 @@ class remoting_lib {
$username = $app->db->quote($params["username"]);
$password = $app->db->quote($params["password"]);
$client_id = intval($client_id);
$sql = "UPDATE sys_user set username = '$username', passwort = md5('$password') WHERE client_id = $client_id";
$salt="$1$";
$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
for ($n=0;$n<8;$n++) {
$salt.=$base64_alphabet[mt_rand(0,63)];
}
$salt.="$";
$password = crypt(stripslashes($password),$salt);
$sql = "UPDATE sys_user set username = '$username', passwort = '$password' WHERE client_id = $client_id";
$app->db->query($sql);
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment