Commit f17dab42 authored by vogelor's avatar vogelor
Browse files

The webdav user pwd was hased twice. Now it is working fine

parent 94927b95
...@@ -166,12 +166,13 @@ class page_action extends tform_actions { ...@@ -166,12 +166,13 @@ class page_action extends tform_actions {
$data = $app->db->queryOneRecord("SELECT * FROM webdav_user WHERE webdav_user_id = ".intval($this->id)); $data = $app->db->queryOneRecord("SELECT * FROM webdav_user WHERE webdav_user_id = ".intval($this->id));
$this->dataRecord["username"] = $data['username']; $this->dataRecord["username"] = $data['username'];
$this->dataRecord["dir"] = $data['dir']; $this->dataRecord["dir"] = $data['dir'];
$passwordOld = $data['password'];
/* /*
* We shall not save the pwd in plaintext, so we store it as the hash, the apache-moule * We shall not save the pwd in plaintext, so we store it as the hash, the apache-moule
* needs (only if the pwd is changed * needs (only if the pwd is changed)
*/ */
if (isset($this->dataRecord["password"]) && $this->dataRecord["password"] != '') { if ((isset($this->dataRecord["password"])) && ($this->dataRecord["password"] != '') && ($this->dataRecord["password"] != $passwordOld)) {
$hash = md5($this->dataRecord["username"] . ':' . $this->dataRecord["dir"] . ':' . $this->dataRecord["password"]); $hash = md5($this->dataRecord["username"] . ':' . $this->dataRecord["dir"] . ':' . $this->dataRecord["password"]);
$this->dataRecord["password"] = $hash; $this->dataRecord["password"] = $hash;
} }
......
...@@ -1085,7 +1085,6 @@ class apache2_plugin { ...@@ -1085,7 +1085,6 @@ class apache2_plugin {
$changed = false; $changed = false;
$in = fopen($filename, 'r'); $in = fopen($filename, 'r');
$output = ''; $output = '';
/* /*
* read line by line and search for the username and authname * read line by line and search for the username and authname
*/ */
...@@ -1096,10 +1095,9 @@ class apache2_plugin { ...@@ -1096,10 +1095,9 @@ class apache2_plugin {
/* /*
* found the user. delete or change it? * found the user. delete or change it?
*/ */
if ($pwd != '') { if ($pwdhash != '') {
$tmp[2] = $pwdhash; $output .= $tmp[0] . ':' . $tmp[1] . ':' . $pwdhash . "\n";
$output .= $tmp[0] . ':' . $tmp[1] . ':' . $tmp[2] . "\n"; }
}
$changed = true; $changed = true;
} }
else { else {
...@@ -1110,7 +1108,7 @@ class apache2_plugin { ...@@ -1110,7 +1108,7 @@ class apache2_plugin {
* if we didn't change anything, we have to add the new user at the end of the file * if we didn't change anything, we have to add the new user at the end of the file
*/ */
if (!$changed) { if (!$changed) {
$output .= $username . ':' . $authname . ':' . md5($username . ':' . $authname . ':' . $pwd) . "\n"; $output .= $username . ':' . $authname . ':' . $pwdhash . "\n";
} }
fclose($in); fclose($in);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment