Commit 0df5c4b8 authored by Marius Burkard's avatar Marius Burkard

Merge branch 'develop' into 'develop'

Improve security

Closes #5985 and #5984

See merge request !1380
parents fd59be55 a739ab22
......@@ -1227,8 +1227,8 @@ class installer_dist extends installer_base {
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
if ($this->install_ispconfig_interface == true && isset($conf['interface_password']) && $conf['interface_password']!='admin') {
$sql = "UPDATE sys_user SET passwort = md5(?) WHERE username = 'admin';";
$this->db->query($sql, $conf['interface_password']);
$sql = "UPDATE sys_user SET passwort = ? WHERE username = 'admin';";
$this->db->query($sql, $this->crypt_password($conf['interface_password']));
}
if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){
......@@ -1372,6 +1372,7 @@ class installer_dist extends installer_base {
//* Create the ispconfig log directory
if(!is_dir($conf['ispconfig_log_dir'])) mkdir($conf['ispconfig_log_dir']);
if(!is_file($conf['ispconfig_log_dir'].'/ispconfig.log')) exec('touch '.$conf['ispconfig_log_dir'].'/ispconfig.log');
chmod($conf['ispconfig_log_dir'].'/ispconfig.log', 0600);
if(is_user('getmail')) {
exec('mv /usr/local/ispconfig/server/scripts/run-getmail.sh /usr/local/bin/run-getmail.sh');
......
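Review bot: The `$conf['interface_password']!='admin'` guard around the new hashed update no longer leaves a working default behind. The sys_user seed row in this commit now carries the placeholder 'xxx', so (assuming that dump is what the installer loads) choosing 'admin' skips the update and leaves an account that no password can match. If that lockout is intended it deserves a comment such as `// 'admin' is refused: the seeded hash is an unusable placeholder`; otherwise reject the value where it is entered instead of skipping the update silently. The same guard is repeated in the other two dist installers and in installer_base, and the enclosing function starts and ends outside the hunk.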
......@@ -1115,8 +1115,8 @@ class installer extends installer_base
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
if ($this->install_ispconfig_interface == true && isset($conf['interface_password']) && $conf['interface_password']!='admin') {
$sql = "UPDATE sys_user SET passwort = md5(?) WHERE username = 'admin';";
$this->db->query($sql, $conf['interface_password']);
$sql = "UPDATE sys_user SET passwort = ? WHERE username = 'admin';";
$this->db->query($sql, $this->crypt_password($conf['interface_password']));
}
if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){
......@@ -1252,6 +1252,7 @@ class installer extends installer_base
if (!is_file($conf['ispconfig_log_dir'].'/ispconfig.log')) {
touch($conf['ispconfig_log_dir'].'/ispconfig.log');
}
chmod($conf['ispconfig_log_dir'].'/ispconfig.log', 0600);
//* Create the ispconfig auth log file and set uid/gid
if(!is_file($conf['ispconfig_log_dir'].'/auth.log')) {
......
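Review bot: The added `chmod($conf['ispconfig_log_dir'].'/ispconfig.log', 0600);` tightens the log only after `touch()` has created it with the process umask, and its return value is ignored, so a failed chmod leaves the file at its previous mode with no trace. Setting the umask around creation, e.g. `$old = umask(0077); touch(...); umask($old);`, removes that window, and wrapping the call as `if(!chmod(...))` with an installer warning makes a failure visible. The same line is added in both installer_dist variants and in installer_base; the enclosing function is not fully visible in this hunk.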
......@@ -1215,8 +1215,8 @@ class installer_dist extends installer_base {
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
if ($this->install_ispconfig_interface == true && isset($conf['interface_password']) && $conf['interface_password']!='admin') {
$sql = "UPDATE sys_user SET passwort = md5(?) WHERE username = 'admin';";
$this->db->query($sql, $conf['interface_password']);
$sql = "UPDATE sys_user SET passwort = ? WHERE username = 'admin';";
$this->db->query($sql, $this->crypt_password($conf['interface_password']));
}
if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){
......@@ -1369,6 +1369,7 @@ class installer_dist extends installer_base {
//* Create the ispconfig log directory
if(!is_dir($conf['ispconfig_log_dir'])) mkdir($conf['ispconfig_log_dir']);
if(!is_file($conf['ispconfig_log_dir'].'/ispconfig.log')) exec('touch '.$conf['ispconfig_log_dir'].'/ispconfig.log');
chmod($conf['ispconfig_log_dir'].'/ispconfig.log', 0600);
if(is_user('getmail')) {
exec('mv /usr/local/ispconfig/server/scripts/run-getmail.sh /usr/local/bin/run-getmail.sh');
......
......@@ -157,6 +157,34 @@ class installer_base {
else return true;
}
public function crypt_password($cleartext_password, $charset = 'UTF-8') {
if($charset != 'UTF-8') {
$cleartext_password = mb_convert_encoding($cleartext_password, $charset, 'UTF-8');
}
if(defined('CRYPT_SHA512') && CRYPT_SHA512 == 1) {
$salt = '$6$rounds=5000$';
$salt_length = 16;
} elseif(defined('CRYPT_SHA256') && CRYPT_SHA256 == 1) {
$salt = '$5$rounds=5000$';
$salt_length = 16;
} else {
$salt = '$1$';
$salt_length = 12;
}
if(function_exists('openssl_random_pseudo_bytes')) {
$salt .= substr(bin2hex(openssl_random_pseudo_bytes($salt_length)), 0, $salt_length);
} else {
$base64_alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./';
for($n = 0; $n < $salt_length; $n++) {
$salt .= $base64_alphabet[mt_rand(0, 63)];
}
}
$salt .= "$";
return crypt($cleartext_password, $salt);
}
//** Detect installed applications
public function find_installed_apps() {
global $conf;
......@@ -3415,8 +3443,8 @@ class installer_base {
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
if ($this->install_ispconfig_interface == true && isset($conf['interface_password']) && $conf['interface_password']!='admin') {
$sql = "UPDATE sys_user SET passwort = md5(?) WHERE username = 'admin';";
$this->db->query($sql, $conf['interface_password']);
$sql = "UPDATE sys_user SET passwort = ? WHERE username = 'admin';";
$this->db->query($sql, $this->crypt_password($conf['interface_password']));
}
if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){
......@@ -3560,6 +3588,7 @@ class installer_base {
if(!is_dir($conf['ispconfig_log_dir'])) mkdir($conf['ispconfig_log_dir'], 0755);
touch($conf['ispconfig_log_dir'].'/ispconfig.log');
}
chmod($conf['ispconfig_log_dir'].'/ispconfig.log', 0600);
//* Create the ispconfig auth log file and set uid/gid
if(!is_file($conf['ispconfig_log_dir'].'/auth.log')) {
......
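Review bot: crypt_password() degrades silently on two paths: without CRYPT_SHA512 or CRYPT_SHA256 it emits a `$1$` (MD5-crypt) hash, and without openssl_random_pseudo_bytes() the salt is drawn from mt_rand(), which is not a CSPRNG. On PHP versions that provide it, `random_bytes($salt_length)` should be tried first, and the `$1$` branch is better replaced by an error than by a weak hash stored for the admin account. The result of crypt() is also returned unchecked; testing `strlen($hash) < 13` (crypt's documented failure shape) and aborting keeps a failure marker from being written to sys_user. `rounds=5000` is the SHA-crypt default and would be easier to raise later as a named value.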
......@@ -2580,7 +2580,7 @@ INSERT INTO `sys_theme` (`var_id`, `tpl_name`, `username`, `logo_url`) VALUES (N
-- Dumping data for table `sys_user`
--
INSERT INTO `sys_user` (`userid`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `username`, `passwort`, `modules`, `startmodule`, `app_theme`, `typ`, `active`, `language`, `groups`, `default_group`, `client_id`) VALUES (1, 1, 0, 'riud', 'riud', '', 'admin', '21232f297a57a5a743894a0e4a801fc3', 'dashboard,admin,client,mail,monitor,sites,dns,vm,tools,help', 'dashboard', 'default', 'admin', 1, 'en', '1,2', 1, 0);
INSERT INTO `sys_user` (`userid`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `username`, `passwort`, `modules`, `startmodule`, `app_theme`, `typ`, `active`, `language`, `groups`, `default_group`, `client_id`) VALUES (1, 1, 0, 'riud', 'riud', '', 'admin', 'xxx', 'dashboard,admin,client,mail,monitor,sites,dns,vm,tools,help', 'dashboard', 'default', 'admin', 1, 'en', '1,2', 1, 0);
-- --------------------------------------------------------
......
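Review bot: The seeded `passwort` value 'xxx' is undocumented, and whether it is unusable depends on the login code treating it as a legacy md5 hash that can never match. A comment above the INSERT, e.g. `-- 'xxx' is a deliberately invalid hash; the installer must set the admin password`, would keep a later edit from swapping in a real default.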
......@@ -171,14 +171,10 @@ class db
} elseif(is_null($sValue) || (is_string($sValue) && (strcmp($sValue, '#NULL#') == 0))) {
$sTxt = 'NULL';
} elseif(is_array($sValue)) {
if(isset($sValue['SQL'])) {
$sTxt = $sValue['SQL'];
} else {
$sTxt = '';
foreach($sValue as $sVal) $sTxt .= ',\'' . $this->escape($sVal) . '\'';
$sTxt = '(' . substr($sTxt, 1) . ')';
if($sTxt == '()') $sTxt = '(0)';
}
$sTxt = '';
foreach($sValue as $sVal) $sTxt .= ',\'' . $this->escape($sVal) . '\'';
$sTxt = '(' . substr($sTxt, 1) . ')';
if($sTxt == '()') $sTxt = '(0)';
} else {
$sTxt = '\'' . $this->escape($sValue) . '\'';
}
......@@ -258,7 +254,7 @@ class db
private function _query($sQuery = '') {
global $app;
$aArgs = func_get_args();
if ($sQuery == '') {
......@@ -354,7 +350,7 @@ class db
* @return array result row or NULL if none found
*/
public function queryOneRecord($sQuery = '') {
$aArgs = func_get_args();
if(!empty($aArgs)) {
$sQuery = array_shift($aArgs);
......@@ -363,7 +359,7 @@ class db
}
array_unshift($aArgs, $sQuery);
}
$oResult = call_user_func_array([&$this, 'query'], $aArgs);
if(!$oResult) return null;
......@@ -750,7 +746,7 @@ class db
foreach($insert_data as $key => $val) {
$key_str .= '??,';
$params[] = $key;
$val_str .= '?,';
$v_params[] = $val;
}
......@@ -764,7 +760,7 @@ class db
$this->query("INSERT INTO ?? $insert_data_str", $tablename);
$app->log("deprecated use of passing values to datalogInsert() - table " . $tablename, 1);
}
$old_rec = array();
$index_value = $this->insertID();
if(!$index_value && isset($insert_data[$index_field])) {
......@@ -1112,7 +1108,7 @@ class db
* @access public
* @return string 'mariadb' or string 'mysql'
*/
public function getDatabaseType() {
$tmp = $this->queryOneRecord('SELECT VERSION() as version');
if(stristr($tmp['version'],'mariadb')) {
......@@ -1140,7 +1136,7 @@ class db
return $version[0];
}
}
/**
* Get a mysql password hash
*
......@@ -1150,9 +1146,9 @@ class db
*/
public function getPasswordHash($password) {
$password_type = 'password';
/* Disabled until caching_sha2_password is implemented
if($this->getDatabaseType() == 'mysql' && $this->getDatabaseVersion(true) >= 8) {
// we are in MySQL 8 mode
......@@ -1162,16 +1158,16 @@ class db
}
}
*/
if($password_type == 'caching_sha2_password') {
/*
caching_sha2_password hashing needs to be implemented, have not
caching_sha2_password hashing needs to be implemented, have not
found valid PHP implementation for the new password hash type.
*/
} else {
$password_hash = '*'.strtoupper(sha1(sha1($password, true)));
}
return $password_hash;
}
......
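Review bot: With the `$sValue['SQL']` passthrough removed, a caller that still passes `array("SQL" => ...)` is not rejected: the array falls into the list branch and its expression is escaped and quoted as a one-element list such as `('CURDATE()')`, so the query changes meaning without an error. The commit converts the three quota-notify callers; other callers are not visible here, so an explicit check in this branch, e.g. `if(isset($sValue['SQL'])) throw new Exception('raw SQL array is no longer supported');` or a log entry in the class's own style, would surface stragglers. The loop also passes every element to escape() without checking that it is scalar, which matters if an array ever arrives from request data. The same hunk is applied to the second copy of class db further down the page.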
......@@ -83,23 +83,23 @@ if(count($_POST) > 0) {
* The actual user is NOT a admin or reseller, but maybe he
* has logged in as "normal" user before...
*/
if (isset($_SESSION['s_old'])&& ($_SESSION['s_old']['user']['typ'] == 'admin' || $app->auth->has_clients($_SESSION['s_old']['user']['userid']))){
/* The "old" user is admin or reseller, so everything is ok
* if he is reseller, we need to check if he logs in to one of his clients
*/
if($_SESSION['s_old']['user']['typ'] != 'admin') {
/* this is the one currently logged in (normal user) */
$old_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
$old_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $old_client_group_id);
/* this is the reseller, that shall be re-logged in */
$sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
$tmp = $app->db->queryOneRecord($sql, $username, $password);
$client_group_id = $app->functions->intval($tmp['default_group']);
$tmp_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
if(!$tmp_client || $old_client["parent_client_id"] != $tmp_client["client_id"] || $tmp["default_group"] != $_SESSION["s_old"]["user"]["default_group"] ) {
die("You don't have the right to 'login as' this user!");
}
......@@ -115,12 +115,12 @@ if(count($_POST) > 0) {
/* a reseller wants to 'login as', we need to check if he is allowed to */
$res_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
$res_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $res_client_group_id);
/* this is the user the reseller wants to 'login as' */
$sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
$tmp = $app->db->queryOneRecord($sql, $username, $password);
$tmp_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $tmp["default_group"]);
if(!$tmp || $tmp_client["parent_client_id"] != $res_client["client_id"]) {
die("You don't have the right to login as this user!");
}
......@@ -129,16 +129,16 @@ if(count($_POST) > 0) {
unset($tmp_client);
}
$loginAs = true;
} else {
/* normal login */
$loginAs = false;
}
//* Check if there are already wrong logins
$sql = "SELECT * FROM `attempts_login` WHERE `ip`= ? AND `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
$alreadyfailed = $app->db->queryOneRecord($sql, $ip);
//* too many failedlogins
if($alreadyfailed['times'] > 5) {
$error = $app->lng('error_user_too_many_logins');
......@@ -148,7 +148,7 @@ if(count($_POST) > 0) {
$sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
$user = $app->db->queryOneRecord($sql, $username, $password);
} else {
if(stristr($username, '@')) {
//* mailuser login
$sql = "SELECT * FROM mail_user WHERE login = ? or email = ?";
......@@ -160,7 +160,7 @@ if(count($_POST) > 0) {
if(crypt(stripslashes($password), $saved_password) == $saved_password) {
//* Get the sys_user language of the client of the mailuser
$sys_user_lang = $app->db->queryOneRecord("SELECT language FROM sys_user WHERE default_group = ?", $mailuser['sys_groupid'] );
//* we build a fake user here which has access to the mailuser module only and userid 0
$user = array();
$user['userid'] = 0;
......@@ -196,6 +196,10 @@ if(count($_POST) > 0) {
//* The password is md5 encrypted
if(md5($password) != $saved_password) {
$user = false;
} else {
// update password with secure algo
$sql = 'UPDATE `sys_user` SET `passwort` = ? WHERE `username` = ?';
$app->db->query($sql, $app->auth->crypt_password($password), $username);
}
}
} else {
......@@ -203,19 +207,19 @@ if(count($_POST) > 0) {
}
}
}
if($user) {
if($user['active'] == 1) {
// Maintenance mode - allow logins only when maintenance mode is off or if the user is admin
if(!$app->is_under_maintenance() || $user['typ'] == 'admin'){
// User login right, so attempts can be deleted
$sql = "DELETE FROM `attempts_login` WHERE `ip`=?";
$app->db->query($sql, $ip);
$user = $app->db->toLower($user);
if ($loginAs) $oldSession = $_SESSION['s'];
// Session regenerate causes login problems on some systems, see Issue #3827
// Set session_regenerate_id to no in security settings, it you encounter
// this problem.
......@@ -231,7 +235,7 @@ if(count($_POST) > 0) {
$_SESSION['s']['language'] = $app->functions->check_language($user['language']);
$_SESSION["s"]['theme'] = $_SESSION['s']['user']['theme'];
if ($loginAs) $_SESSION['s']['plugin_cache'] = $_SESSION['s_old']['plugin_cache'];
if(is_file(ISPC_WEB_PATH . '/' . $_SESSION['s']['user']['startmodule'].'/lib/module.conf.php')) {
include_once $app->functions->check_include_path(ISPC_WEB_PATH . '/' . $_SESSION['s']['user']['startmodule'].'/lib/module.conf.php');
$menu_dir = ISPC_WEB_PATH.'/' . $_SESSION['s']['user']['startmodule'] . '/lib/menu.d';
......@@ -257,20 +261,20 @@ if(count($_POST) > 0) {
$_SESSION['show_error_msg'] = $app->lng('theme_not_compatible');
}
}
$app->plugin->raiseEvent('login', $username);
//* Save successfull login message to var
$authlog = 'Successful login for user \''. $username .'\' from '. $_SERVER['REMOTE_ADDR'] .' at '. date('Y-m-d H:i:s') . ' with session ID ' .session_id();
$authlog = 'Successful login for user \''. $username .'\' from '. $_SERVER['REMOTE_ADDR'] .' at '. date('Y-m-d H:i:s') . ' with session ID ' .session_id();
$authlog_handle = fopen($conf['ispconfig_log_dir'].'/auth.log', 'a');
fwrite($authlog_handle, $authlog ."\n");
fclose($authlog_handle);
/*
* We need LOGIN_REDIRECT instead of HEADER_REDIRECT to load the
* new theme, if the logged-in user has another
*/
if ($loginAs){
echo 'LOGIN_REDIRECT:'.$_SESSION['s']['module']['startpage'];
exit;
......@@ -327,7 +331,7 @@ if($security_config['password_reset_allowed'] == 'yes') {
} else {
$app->tpl->setVar('pw_lost_show', 0);
}
$app->tpl->setVar('error', $error);
$app->tpl->setVar('error_txt', $app->lng('error_txt'));
$app->tpl->setVar('login_txt', $app->lng('login_txt'));
......
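Review bot: The upgrade hashes `$password` as received, while the crypt check visible in the mailuser branch of this section verifies `crypt(stripslashes($password), $saved_password)`; if the sys_user crypt branch outside the hunk does the same, a password containing a backslash would pass the md5 check once and then fail against the freshly written hash. Hash the same value that the crypt path verifies, or drop stripslashes() from verification, so both sides agree. The md5 test that guards the new branch is still the loose `md5($password) != $saved_password`; `!hash_equals($saved_password, md5($password))` avoids numeric-string juggling and compares in constant time. The result of the UPDATE is not checked, so a failed migration goes unnoticed and the md5 hash stays in place.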
......@@ -47,7 +47,7 @@ include ISPC_ROOT_PATH.'/web/login/lib/lang/'.$app->functions->check_language($c
$app->tpl->setVar($wb);
$continue = true;
if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != '' && $_POST['username'] != 'admin') {
if(isset($_POST['username']) && is_string($_POST['username']) && $_POST['username'] != '' && isset($_POST['email']) && is_string($_POST['email']) && $_POST['email'] != '' && $_POST['username'] != 'admin') {
if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_POST['username'])) {
$app->tpl->setVar("error", $wb['user_regex_error']);
$continue = false;
......@@ -60,11 +60,13 @@ if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != '
$username = $_POST['username'];
$email = $_POST['email'];
$client = $app->db->queryOneRecord("SELECT client.*, sys_user.lost_password_function, sys_user.lost_password_hash, IF(sys_user.lost_password_reqtime IS NOT NULL AND DATE_SUB(NOW(), INTERVAL 15 MINUTE) < sys_user.lost_password_reqtime, 1, 0) as `lost_password_wait` FROM client,sys_user WHERE client.username = ? AND client.email = ? AND client.client_id = sys_user.client_id", $username, $email);
if($continue) {
$client = $app->db->queryOneRecord("SELECT client.*, sys_user.lost_password_function, sys_user.lost_password_hash, IF(sys_user.lost_password_reqtime IS NOT NULL AND DATE_SUB(NOW(), INTERVAL 15 MINUTE) < sys_user.lost_password_reqtime, 1, 0) as `lost_password_wait` FROM client,sys_user WHERE client.username = ? AND client.email = ? AND client.client_id = sys_user.client_id", $username, $email);
}
if($client['lost_password_function'] == 0) {
if($client && $client['lost_password_function'] == 0) {
$app->tpl->setVar("error", $wb['lost_password_function_disabled_txt']);
} elseif($client['lost_password_wait'] == 1) {
} elseif($client && $client['lost_password_wait'] == 1) {
$app->tpl->setVar("error", $wb['lost_password_function_wait_txt']);
} elseif ($continue) {
if($client['client_id'] > 0) {
......@@ -111,7 +113,7 @@ if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != '
$app->tpl->setVar("error", $wb['user_regex_error']);
$continue = false;
}
$username = $_GET['username'];
$hash = $_GET['hash'];
......@@ -127,7 +129,7 @@ if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != '
if($client['client_id'] > 0) {
$server_config_array = $app->getconf->get_global_config();
$min_password_length = $app->auth->get_min_password_length();
$new_password = $app->auth->get_random_password($min_password_length, true);
$new_password_encrypted = $app->auth->crypt_password($new_password);
......
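Review bot: `$client` is now assigned only inside `if($continue)`, but the `$client && ...` checks right after read it unconditionally, so a request that fails the username regex reaches them with the variable undefined unless it is set earlier, outside the hunk. Initialising `$client = null;` next to `$continue = true;` makes the new guards well-defined. The `is_string()` checks were added for the POST fields only; the reset-link path further down still assigns `$_GET['username']` and `$_GET['hash']` directly, and its condition (not visible here) should get the same type check.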
......@@ -250,7 +250,7 @@ class cronjob_quota_notify extends cronjob {
//* Send quota notifications
if(($web_config['overquota_notify_admin'] == 'y' || $web_config['overquota_notify_client'] == 'y') && $send_notification == true) {
$app->dbmaster->datalogUpdate('web_domain', array("last_quota_notification" => array("SQL" => "CURDATE()")), 'domain_id', $rec['domain_id']);
$app->dbmaster->datalogUpdate('web_domain', array("last_quota_notification" => date('Y-m-d')), 'domain_id', $rec['domain_id']);
$placeholders = array('{domain}' => $rec['domain'],
'{admin_mail}' => ($global_config['admin_mail'] != ''? $global_config['admin_mail'] : 'root'),
......@@ -379,7 +379,7 @@ class cronjob_quota_notify extends cronjob {
elseif($mail_config['overquota_notify_freq'] > 0 && $rec['notified_before'] >= $mail_config['overquota_notify_freq']) $send_notification = true;
if(($mail_config['overquota_notify_admin'] == 'y' || $mail_config['overquota_notify_client'] == 'y') && $send_notification == true) {
$app->dbmaster->datalogUpdate('mail_user', array("last_quota_notification" => array("SQL" => "CURDATE()")), 'mailuser_id', $rec['mailuser_id']);
$app->dbmaster->datalogUpdate('mail_user', array("last_quota_notification" => date('Y-m-d')), 'mailuser_id', $rec['mailuser_id']);
$placeholders = array('{email}' => $rec['email'],
'{admin_mail}' => ($global_config['admin_mail'] != ''? $global_config['admin_mail'] : 'root'),
......@@ -466,7 +466,7 @@ class cronjob_quota_notify extends cronjob {
//* Send quota notifications
if(($web_config['overquota_db_notify_admin'] == 'y' || $web_config['overquota_db_notify_client'] == 'y') && $send_notification == true) {
$app->dbmaster->datalogUpdate('web_database', array("last_quota_notification" => array("SQL" => "CURDATE()")), 'database_id', $rec['database_id']);
$app->dbmaster->datalogUpdate('web_database', array("last_quota_notification" => date('Y-m-d')), 'database_id', $rec['database_id']);
$placeholders = array(
'{database_name}' => $rec['database_name'],
'{admin_mail}' => ($global_config['admin_mail'] != ''? $global_config['admin_mail'] : 'root'),
......
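Review bot: `date('Y-m-d')` is evaluated in PHP's timezone, whereas the `CURDATE()` it replaces was evaluated by the database; if the two are configured differently, `last_quota_notification` can land a day off around midnight and presumably skew the notify-frequency comparison. A comment at the first call, e.g. `// PHP date instead of CURDATE(): the db layer no longer accepts raw SQL values`, would record why the expression moved into PHP. The same replacement is made in the mail_user and web_database hunks.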
......@@ -171,14 +171,10 @@ class db
} elseif(is_null($sValue) || (is_string($sValue) && (strcmp($sValue, '#NULL#') == 0))) {
$sTxt = 'NULL';
} elseif(is_array($sValue)) {
if(isset($sValue['SQL'])) {
$sTxt = $sValue['SQL'];
} else {
$sTxt = '';
foreach($sValue as $sVal) $sTxt .= ',\'' . $this->escape($sVal) . '\'';
$sTxt = '(' . substr($sTxt, 1) . ')';
if($sTxt == '()') $sTxt = '(0)';
}
$sTxt = '';
foreach($sValue as $sVal) $sTxt .= ',\'' . $this->escape($sVal) . '\'';
$sTxt = '(' . substr($sTxt, 1) . ')';
if($sTxt == '()') $sTxt = '(0)';
} else {
$sTxt = '\'' . $this->escape($sValue) . '\'';
}
......@@ -258,7 +254,7 @@ class db
private function _query($sQuery = '') {
global $app;
$aArgs = func_get_args();
if ($sQuery == '') {
......@@ -354,7 +350,7 @@ class db
* @return array result row or NULL if none found
*/
public function queryOneRecord($sQuery = '') {
$aArgs = func_get_args();
if(!empty($aArgs)) {
$sQuery = array_shift($aArgs);
......@@ -363,7 +359,7 @@ class db
}
array_unshift($aArgs, $sQuery);
}
$oResult = call_user_func_array([&$this, 'query'], $aArgs);
if(!$oResult) return null;
......@@ -750,7 +746,7 @@ class db
foreach($insert_data as $key => $val) {
$key_str .= '??,';
$params[] = $key;
$val_str .= '?,';
$v_params[] = $val;
}
......@@ -764,7 +760,7 @@ class db
$this->query("INSERT INTO ?? $insert_data_str", $tablename);
$app->log("deprecated use of passing values to datalogInsert() - table " . $tablename, 1);
}
$old_rec = array();
$index_value = $this->insertID();
if(!$index_value && isset($insert_data[$index_field])) {
......@@ -1140,7 +1136,7 @@ class db
return $version[0];
}
}
/**
* Get a mysql password hash
*
......@@ -1148,11 +1144,11 @@ class db
* @param string cleartext password
* @return string Password hash
*/
public function getPasswordHash($password) {
$password_type = 'password';
/* Disabled until caching_sha2_password is implemented
if($this->getDatabaseType() == 'mysql' && $this->getDatabaseVersion(true) >= 8) {
// we are in MySQL 8 mode
......@@ -1162,16 +1158,16 @@ class db
}
}
*/
if($password_type == 'caching_sha2_password') {
/*
caching_sha2_password hashing needs to be implemented, have not
caching_sha2_password hashing needs to be implemented, have not
found valid PHP implementation for the new password hash type.
*/
} else {
$password_hash = '*'.strtoupper(sha1(sha1($password, true)));
}
return $password_hash;
}
......