From 1abce9b2faa21bac3caa52f9589f4cb835e2dd5e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?F=C3=BCrni?= <ispconfig@mail.fuerni.eu>
Date: Tue, 29 Mar 2016 18:28:55 +0200
Subject: [PATCH] Support different Crypt Hash Algorithms
---
 interface/web/login/index.php | 20 ++++++--------------
 1 file changed, 6 insertions(+), 14 deletions(-)
diff --git a/interface/web/login/index.php b/interface/web/login/index.php
index 4df3703396..5339f04294 100644
--- a/interface/web/login/index.php
+++ b/interface/web/login/index.php
@@ -157,9 +157,8 @@ if(count($_POST) > 0) {
 $user = false;
 if($mailuser) {
 $saved_password = stripslashes($mailuser['password']);
- $salt = '$1$'.substr($saved_password, 3, 8).'$';
 //* Check if mailuser password is correct
- if(crypt(stripslashes($password), $salt) == $saved_password) {
+ if(crypt(stripslashes($password), $saved_password) == $saved_password) {
 //* we build a fake user here which has access to the mailuser module only and userid 0
 $user = array();
 $user['userid'] = 0;
@@ -182,22 +181,15 @@ if(count($_POST) > 0) {
 $user = $app->db->queryOneRecord($sql, $username);
 if($user) {
 $saved_password = stripslashes($user['passwort']);
- if(substr($saved_password, 0, 3) == '$1$') {
- //* The password is crypt-md5 encrypted
- $salt = '$1$'.substr($saved_password, 3, 8).'$';
- if(crypt(stripslashes($password), $salt) != $saved_password) {
- $user = false;
- }
- } elseif(substr($saved_password, 0, 3) == '$5$') {
- //* The password is crypt-sha256 encrypted
- $salt = '$5$'.substr($saved_password, 3, 16).'$';
- if(crypt(stripslashes($password), $salt) != $saved_password) {
+ if(substr($saved_password, 0, 1) == '$') {
+ //* The password is encrypted with crypt
+ if(crypt(stripslashes($password), $saved_password) != $saved_password) {
 $user = false;
 }
 } else {
- //* The password is md5 encrypted
+ //* The password is md5 encrypted
 if(md5($password) != $saved_password) {
- $user = false;
+ $user = false;
 }
 }
 } else {
-- 
GitLab
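Review bot: The crypt() result in the mailuser check is compared with `==`, which is loose and not constant-time; the same applies to the `!=` on crypt() and on md5() in the second hunk. Under loose comparison two different strings that both look numeric (for example unsalted md5 values of the form `0e` followed by digits) compare equal, so the legacy md5 branch is the most exposed. Since the stored value is now passed as the crypt setting anyway, `if(password_verify(stripslashes($password), $saved_password)) {` would do the same check with a timing-safe comparison, assuming the project's minimum PHP version is 5.5 or later; otherwise use `hash_equals($saved_password, crypt(stripslashes($password), $saved_password))` (PHP 5.6) or at least `===`/`!==`. The enclosing `if(count($_POST) > 0)` block starts and ends outside the hunk.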
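Review bot: The two branches in the second hunk hash different inputs: the crypt branch uses `stripslashes($password)` while the fallback uses `md5($password)` unstripped, so a password containing a quote or backslash is handled differently depending on the stored format. Whether `$password` arrives escaped is not visible here, so one of the two is presumably wrong; pick one form and use it in both branches. The fallback also still accepts an unsalted md5 for any stored value that does not start with `$`, and a comment such as `//* Legacy unsalted md5 - rehash with crypt after a successful login` would record that the migration is still missing. The surrounding block continues outside the hunk.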