fixed password encryption mechanism in remoting API.
| | |
|---|
| | | $salt.="$"; |
|---|
| | | $password = crypt(stripslashes($password),$salt); |
|---|
| | | $sql1 = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id) |
|---|
| | | VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)"; |
|---|
| | | VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)"; |
|---|
| | | $app->db->query($sql1); |
|---|
| | | } |
|---|
| | | |
|---|
| | |
|---|
| | | $username = $app->db->quote($params["username"]); |
|---|
| | | $password = $app->db->quote($params["password"]); |
|---|
| | | $client_id = intval($client_id); |
|---|
| | | $sql = "UPDATE sys_user set username = '$username', passwort = md5('$password') WHERE client_id = $client_id"; |
|---|
| | | $salt="$1$"; |
|---|
| | | $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'; |
|---|
| | | for ($n=0;$n<8;$n++) { |
|---|
| | | $salt.=$base64_alphabet[mt_rand(0,63)]; |
|---|
| | | } |
|---|
| | | $salt.="$"; |
|---|
| | | $password = crypt(stripslashes($password),$salt); |
|---|
| | | $sql = "UPDATE sys_user set username = '$username', passwort = '$password' WHERE client_id = $client_id"; |
|---|
| | | $app->db->query($sql); |
|---|
| | | } |
|---|
| | | |
|---|
