From f17dab422b048dd694dad7425cac7ecc2b0e9e58 Mon Sep 17 00:00:00 2001 From: vogelor Date: Thu, 10 Jun 2010 14:49:09 +0000 Subject: [PATCH] The webdav user pwd was hased twice. Now it is working fine --- interface/web/sites/webdav_user_edit.php | 5 +++-- server/plugins-available/apache2_plugin.inc.php | 10 ++++------ 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/interface/web/sites/webdav_user_edit.php b/interface/web/sites/webdav_user_edit.php index 1bd9416a5..5d5a617d8 100644 --- a/interface/web/sites/webdav_user_edit.php +++ b/interface/web/sites/webdav_user_edit.php @@ -166,12 +166,13 @@ class page_action extends tform_actions { $data = $app->db->queryOneRecord("SELECT * FROM webdav_user WHERE webdav_user_id = ".intval($this->id)); $this->dataRecord["username"] = $data['username']; $this->dataRecord["dir"] = $data['dir']; + $passwordOld = $data['password']; /* * We shall not save the pwd in plaintext, so we store it as the hash, the apache-moule - * needs (only if the pwd is changed + * needs (only if the pwd is changed) */ - if (isset($this->dataRecord["password"]) && $this->dataRecord["password"] != '') { + if ((isset($this->dataRecord["password"])) && ($this->dataRecord["password"] != '') && ($this->dataRecord["password"] != $passwordOld)) { $hash = md5($this->dataRecord["username"] . ':' . $this->dataRecord["dir"] . ':' . $this->dataRecord["password"]); $this->dataRecord["password"] = $hash; } diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php index 61202c672..0ee377fe3 100644 --- a/server/plugins-available/apache2_plugin.inc.php +++ b/server/plugins-available/apache2_plugin.inc.php @@ -1085,7 +1085,6 @@ class apache2_plugin { $changed = false; $in = fopen($filename, 'r'); $output = ''; - /* * read line by line and search for the username and authname */ @@ -1096,10 +1095,9 @@ class apache2_plugin { /* * found the user. delete or change it? */ - if ($pwd != '') { - $tmp[2] = $pwdhash; - $output .= $tmp[0] . ':' . $tmp[1] . ':' . $tmp[2] . "\n"; - } + if ($pwdhash != '') { + $output .= $tmp[0] . ':' . $tmp[1] . ':' . $pwdhash . "\n"; + } $changed = true; } else { @@ -1110,7 +1108,7 @@ class apache2_plugin { * if we didn't change anything, we have to add the new user at the end of the file */ if (!$changed) { - $output .= $username . ':' . $authname . ':' . md5($username . ':' . $authname . ':' . $pwd) . "\n"; + $output .= $username . ':' . $authname . ':' . $pwdhash . "\n"; } fclose($in); -- GitLab