From 5764f8edda74ef79bdae1c240b36b54c9790fa7c Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Tue, 29 May 2012 09:10:41 +0000
Subject: [PATCH] Fixed: FS#2263 - Password does not get encrypted properly
 when the soap database update function is used

---
 interface/lib/classes/remoting.inc.php     |  1 +
 interface/lib/classes/remoting_lib.inc.php | 16 +++++++++-------
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/interface/lib/classes/remoting.inc.php b/interface/lib/classes/remoting.inc.php
index e54c5235b..bd6877578 100644
--- a/interface/lib/classes/remoting.inc.php
+++ b/interface/lib/classes/remoting.inc.php
@@ -2430,6 +2430,7 @@ class remoting {
 		
 		//* Get the SQL query
 		$sql = $app->remoting_lib->getSQL($params,'UPDATE',$primary_id);
+		// $this->server->fault('debug', $sql);
 		if($app->remoting_lib->errorMessage != '') {
 			$this->server->fault('data_processing_error', $app->remoting_lib->errorMessage);
 			return false;
diff --git a/interface/lib/classes/remoting_lib.inc.php b/interface/lib/classes/remoting_lib.inc.php
index f9b6e72e5..d100f150c 100644
--- a/interface/lib/classes/remoting_lib.inc.php
+++ b/interface/lib/classes/remoting_lib.inc.php
@@ -608,17 +608,19 @@ class remoting_lib {
                                                         $sql_insert_val .= "'".$record[$key]."', ";
                                                 }
                                         } else {
+										
                                                 if($field['formtype'] == 'PASSWORD') {
-														if($field['encryption'] == 'CRYPT') {
+														if(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
                                                                 $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
-                                                        } elseif ($field['encryption'] == 'MYSQL') {
-																$sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), ";
-														} elseif ($field['encryption'] == 'CLEARTEXT') {
-																$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
+																$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
+														} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
+																$sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), ";
+														} elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') {
+																$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
                                                         } else {
-                                                                $record[$key] = md5($record[$key]);
+                                                                $record[$key] = md5(stripslashes($record[$key]));
+																$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
                                                         }
-                                                        $sql_update .= "`$key` = '".$record[$key]."', ";
                                                 } elseif ($field['formtype'] == 'CHECKBOX') {
 														if($record[$key] == '') {
 															// if a checkbox is not set, we set it to the unchecked value
-- 
GitLab