tbrehm
2011-04-04 6cc8cefb79c56224473c15b0e3cce6696733ef8e
Fixed: FS#1560 - Change password encoding in client and reseller edit script.
2 files modified
38 ■■■■ changed files
interface/web/client/client_edit.php 19 ●●●●
interface/web/client/reseller_edit.php 19 ●●●●
interface/web/client/client_edit.php
@@ -150,9 +150,17 @@
        $active = 1;
        $language = $app->db->quote($this->dataRecord["language"]);
        
        $salt="$1$";
        $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
        for ($n=0;$n<8;$n++) {
            $salt.=$base64_alphabet[mt_rand(0,63)];
        }
        $salt.="$";
        $password = crypt(stripslashes($password),$salt);
        // Create the controlpaneluser for the client
        $sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
        VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")";
        VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")";
        $app->db->query($sql);
        
        //* If the user who inserted the client is a reseller (not admin), we will have to add this new client group 
@@ -193,8 +201,15 @@
        // password changed
        if($conf['demo_mode'] != true && isset($this->dataRecord["password"]) && $this->dataRecord["password"] != '') {
            $password = $app->db->quote($this->dataRecord["password"]);
            $salt="$1$";
            $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
            for ($n=0;$n<8;$n++) {
                $salt.=$base64_alphabet[mt_rand(0,63)];
            }
            $salt.="$";
            $password = crypt(stripslashes($password),$salt);
            $client_id = $this->id;
            $sql = "UPDATE sys_user SET passwort = md5('$password') WHERE client_id = $client_id";
            $sql = "UPDATE sys_user SET passwort = '$password' WHERE client_id = $client_id";
            $app->db->query($sql);
        }
        
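Review bot: In the password-changed hunk of client_edit.php the value that gets hashed is `stripslashes($app->db->quote(...))` rather than the password as submitted, and `stripslashes()` is not guaranteed to invert whatever escaping `quote()` applies (its implementation is not visible here). A password containing characters the escaper rewrites could therefore be stored as the hash of a different string and fail verification at login. Hash the raw field and escape the result instead: `$password = $app->db->quote(crypt($this->dataRecord["password"], $salt));`, which also keeps the interpolated `'$password'` safe whatever crypt() returns. The same pattern appears in the insert hunk above, where `$password` is assigned outside the hunk, and in both hunks of reseller_edit.php; the enclosing methods start and end outside the visible lines.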
interface/web/client/reseller_edit.php
@@ -150,9 +150,17 @@
        $active = 1;
        $language = $app->db->quote($this->dataRecord["language"]);
        
        $salt="$1$";
        $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
        for ($n=0;$n<8;$n++) {
            $salt.=$base64_alphabet[mt_rand(0,63)];
        }
        $salt.="$";
        $password = crypt(stripslashes($password),$salt);
        // Create the controlpaneluser for the reseller
        $sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
        VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")";
        VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")";
        $app->db->query($sql);
        
        //* set the number of clients to 1
@@ -188,7 +196,14 @@
        if($conf['demo_mode'] != true && isset($this->dataRecord["password"]) && $this->dataRecord["password"] != '') {
            $password = $app->db->quote($this->dataRecord["password"]);
            $client_id = $this->id;
            $sql = "UPDATE sys_user SET passwort = md5('$password') WHERE client_id = $client_id";
            $salt="$1$";
            $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
            for ($n=0;$n<8;$n++) {
                $salt.=$base64_alphabet[mt_rand(0,63)];
            }
            $salt.="$";
            $password = crypt(stripslashes($password),$salt);
            $sql = "UPDATE sys_user SET passwort = '$password' WHERE client_id = $client_id";
            $app->db->query($sql);
        }
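Review bot: The salt in both reseller_edit.php hunks is drawn from `mt_rand()`, which is not a cryptographically secure generator, and the `$1$` prefix selects MD5-crypt, a fast hash that offers little resistance to offline guessing if the sys_user table is ever disclosed. The identical salt loop is also pasted four times across this file and client_edit.php, so any later change to the scheme has to be made in four places. Consider one shared helper that builds the salt from a CSPRNG with a stronger prefix such as `$6$` (SHA-512 crypt), provided the login check verifies with `crypt()` against the stored hash and the supported PHP versions offer both; neither is visible in this diff. Rows written before this commit presumably still hold MD5 values, so the verifier would need to accept both formats until those passwords are reset. The enclosing method extends beyond the hunk.

```php
// Proposed shared helper (the name is a placeholder) replacing the four copies of the salt loop.
function generate_crypt_salt()
{
    // crypt(3) salt alphabet: 64 symbols, so masking a byte to 6 bits selects one without bias
    $alphabet = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $bytes = openssl_random_pseudo_bytes(16);
    $salt = '$6$';
    for ($n = 0; $n < 16; $n++) {
        $salt .= $alphabet[ord($bytes[$n]) & 63];
    }
    return $salt . '$';
}

// … unchanged: demo_mode check, $password and $client_id assignments …
$password = crypt(stripslashes($password), generate_crypt_salt());
// … unchanged: UPDATE statement and query call …
```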