Commit c614f1b4 authored by tbrehm's avatar tbrehm

Fixed: FS#1741 - Password after update

parent e55c5bf3
......@@ -132,6 +132,16 @@ class auth {
}
return $password;
}
public function crypt_password($cleartext_password) {
$salt="$1$";
$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
for ($n=0;$n<8;$n++) {
$salt.=$base64_alphabet[mt_rand(0,63)];
}
$salt.="$";
return crypt($cleartext_password,$salt);
}
}
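Review bot: The salt loop in `crypt_password()` draws from `mt_rand()`, which is not a cryptographic generator, and the `$1$` prefix selects MD5-crypt, which is cheap to brute-force offline if the hash column ever leaks. Now that hashing lives in one helper, this is the place to switch the draw to a CSPRNG, e.g. `$salt .= $base64_alphabet[random_int(0, 63)];` where the supported PHP version provides it, and to consider a `$6$` (SHA-512 crypt) prefix if every service that reads these hashes accepts it. The alphabet also contains `+`, which is outside the conventional crypt salt set `./0-9A-Za-z`; swapping `+` for `.` keeps the salt portable. The method has no docblock, and the class body starts outside the hunk.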
......
......@@ -903,15 +903,7 @@ class tform {
if($field['formtype'] == 'PASSWORD') {
$sql_insert_key .= "`$key`, ";
if($field['encryption'] == 'CRYPT') {
$salt="$1$";
$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
for ($n=0;$n<8;$n++) {
//$salt.=chr(mt_rand(64,126));
$salt.=$base64_alphabet[mt_rand(0,63)];
}
$salt.="$";
// $salt = substr(md5(time()),0,2);
$record[$key] = crypt(stripslashes($record[$key]),$salt);
$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} elseif ($field['encryption'] == 'MYSQL') {
$sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), ";
......@@ -938,15 +930,7 @@ class tform {
} else {
if($field['formtype'] == 'PASSWORD') {
if(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
$salt="$1$";
$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
for ($n=0;$n<8;$n++) {
//$salt.=chr(mt_rand(64,126));
$salt.=$base64_alphabet[mt_rand(0,63)];
}
$salt.="$";
// $salt = substr(md5(time()),0,2);
$record[$key] = crypt(stripslashes($record[$key]),$salt);
$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
$sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), ";
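Review bot: Both new calls in this file pass `stripslashes($record[$key])` to `crypt_password()`, while the page_action hunk in this commit drops the `stripslashes()` its old line had, so the same cleartext containing a backslash can hash differently depending on which path stored it. Unescaping should be decided in one place: keep it at every call site or remove it from the hashing path entirely, and record the choice in a comment such as `// cleartext is passed unescaped; crypt_password() hashes it byte-for-byte`. Whether the input is slash-escaped at this point is not visible in the hunks, and the enclosing method starts and ends outside them.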
......
......@@ -149,14 +149,7 @@ class page_action extends tform_actions {
$type = 'user';
$active = 1;
$language = $app->db->quote($this->dataRecord["language"]);
$salt="$1$";
$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
for ($n=0;$n<8;$n++) {
$salt.=$base64_alphabet[mt_rand(0,63)];
}
$salt.="$";
$password = crypt(stripslashes($password),$salt);
$password = $app->auth->crypt_password($password);
// Create the controlpaneluser for the client
//Generate ssh-rsa-keys
......
......@@ -52,15 +52,8 @@ if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != '
$client = $app->db->queryOneRecord("SELECT * FROM client WHERE username = '$username' AND email = '$email'");
if($client['client_id'] > 0) {
$new_password = md5 (uniqid (rand()));
$salt="$1$";
$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
for ($n=0;$n<8;$n++) {
//$salt.=chr(mt_rand(64,126));
$salt.=$base64_alphabet[mt_rand(0,63)];
}
$salt.="$";
$new_password_encrypted = crypt($new_password,$salt);
$new_password = $app->auth->get_random_password();
$new_password_encrypted = $app->auth->crypt_password($new_password);
$new_password_encrypted = $app->db->quote($new_password_encrypted);
$username = $app->db->quote($client['username']);
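Review bot: The temporary password is now whatever `get_random_password()` returns, and only the tail of that method is visible in this commit, so its randomness source cannot be confirmed from here. Because this value is a working login credential, the helper should draw from a CSPRNG rather than `mt_rand()`/`rand()` as the salt loop in `crypt_password()` does; a comment at the call, `// get_random_password() must use a CSPRNG: this is a live credential`, would make the requirement explicit. The lookup on the first line of the hunk interpolates `$username` and `$email` into the query, and any escaping of them happens above the hunk, which is worth confirming while this block is being touched.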
......