From f17dab422b048dd694dad7425cac7ecc2b0e9e58 Mon Sep 17 00:00:00 2001
From: vogelor <vogelor@ispconfig3>
Date: Thu, 10 Jun 2010 14:49:09 +0000
Subject: [PATCH] The webdav user pwd was hased twice. Now it is working fine

---
 interface/web/sites/webdav_user_edit.php        |  5 +++--
 server/plugins-available/apache2_plugin.inc.php | 10 ++++------
 2 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/interface/web/sites/webdav_user_edit.php b/interface/web/sites/webdav_user_edit.php
index 1bd9416a59..5d5a617d89 100644
--- a/interface/web/sites/webdav_user_edit.php
+++ b/interface/web/sites/webdav_user_edit.php
@@ -166,12 +166,13 @@ class page_action extends tform_actions {
 		$data = $app->db->queryOneRecord("SELECT * FROM webdav_user WHERE webdav_user_id = ".intval($this->id));
 		$this->dataRecord["username"] = $data['username'];
 		$this->dataRecord["dir"]      = $data['dir'];
+		$passwordOld = $data['password'];
 
 		/*
 		 * We shall not save the pwd in plaintext, so we store it as the hash, the apache-moule
-		 * needs (only if the pwd is changed
+		 * needs (only if the pwd is changed)
 		 */
-		if (isset($this->dataRecord["password"]) && $this->dataRecord["password"] != '') {
+		if ((isset($this->dataRecord["password"])) && ($this->dataRecord["password"] != '') && ($this->dataRecord["password"] != $passwordOld)) {
 			$hash = md5($this->dataRecord["username"] . ':' . $this->dataRecord["dir"] . ':' . $this->dataRecord["password"]);
 			$this->dataRecord["password"] = $hash;
 		}
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 61202c6721..0ee377fe39 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -1085,7 +1085,6 @@ class apache2_plugin {
 		$changed = false;
 		$in = fopen($filename, 'r');
 		$output = '';
-
 		/*
 		 * read line by line and search for the username and authname
 		*/
@@ -1096,10 +1095,9 @@ class apache2_plugin {
 				/*
 				 * found the user. delete or change it?
 				*/
-				if ($pwd != '') {
-					$tmp[2] = $pwdhash;
-					$output .= $tmp[0] . ':' . $tmp[1] . ':' . $tmp[2] . "\n";
-				}
+				if ($pwdhash != '') {
+					$output .= $tmp[0] . ':' . $tmp[1] . ':' . $pwdhash . "\n";
+					}
 				$changed = true;
 			}
 			else {
@@ -1110,7 +1108,7 @@ class apache2_plugin {
 		 * if we didn't change anything, we have to add the new user at the end of the file
 		*/
 		if (!$changed) {
-			$output .= $username . ':' . $authname . ':' . md5($username . ':' . $authname . ':' . $pwd) . "\n";
+			$output .= $username . ':' . $authname . ':' . $pwdhash . "\n";
 		}
 		fclose($in);
 
-- 
GitLab