ISPConfig3 devel
parent: c752c6a2 | patch | commit | ignore whitespace
tbrehm
2012-05-29 5764f8edda74ef79bdae1c240b36b54c9790fa7c 
Fixed: FS#2263 - Password does not get encrypted properly when the soap database update function is used
2 files modified
17 ■■■■■ changed files
interface/lib/classes/remoting.inc.php 1 ●●●● patch | view | raw | blame | history
interface/lib/classes/remoting_lib.inc.php 16 ●●●●● patch | view | raw | blame | history 
 interface/lib/classes/remoting.inc.php


@@ -2430,6 +2430,7 @@


        


        //* Get the SQL query


        $sql = $app->remoting_lib->getSQL($params,'UPDATE',$primary_id);


        // $this->server->fault('debug', $sql);


        if($app->remoting_lib->errorMessage != '') {


            $this->server->fault('data_processing_error', $app->remoting_lib->errorMessage);


            return false;




 interface/lib/classes/remoting_lib.inc.php


@@ -608,17 +608,19 @@


                                                        $sql_insert_val .= "'".$record[$key]."', ";


                                                }


                                        } else {


										


                                                if($field['formtype'] == 'PASSWORD') {


                                                        if($field['encryption'] == 'CRYPT') {


                                                        if(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {


                                                                $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));


                                                        } elseif ($field['encryption'] == 'MYSQL') {


                                                                $sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), ";


                                                        } elseif ($field['encryption'] == 'CLEARTEXT') {


                                                                $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";


                                                                $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";


                                                        } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {


                                                                $sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), ";


                                                        } elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') {


                                                                $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";


                                                        } else {


                                                                $record[$key] = md5($record[$key]);


                                                                $record[$key] = md5(stripslashes($record[$key]));


                                                                $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";


                                                        }


                                                        $sql_update .= "`$key` = '".$record[$key]."', ";


                                                } elseif ($field['formtype'] == 'CHECKBOX') {


                                                        if($record[$key] == '') {


                                                            // if a checkbox is not set, we set it to the unchecked value