interface/lib/classes/auth.inc.php
interface/lib/classes/tform.inc.php
interface/web/client/client_edit.php
interface/web/login/password_reset.php
interface/lib/classes/auth.inc.php
@@ -132,6 +132,16 @@ } return $password; } public function crypt_password($cleartext_password) { $salt="$1$"; $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'; for ($n=0;$n<8;$n++) { $salt.=$base64_alphabet[mt_rand(0,63)]; } $salt.="$"; return crypt($cleartext_password,$salt); } } interface/lib/classes/tform.inc.php
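Review bot: `crypt_password()` hard-codes the `$1$` (MD5-crypt) scheme, which is fast to brute-force offline, and because every caller in this commit now routes through this one method it is the natural place to move to a slower scheme. The salt is drawn from `mt_rand()`; a salt only has to be unique, so this is the lesser issue, but a CSPRNG costs nothing here, for example `$salt = '$6$' . strtr(base64_encode(openssl_random_pseudo_bytes(12)), '+', '.') . '$';` where the platform's crypt() supports SHA-512 (`random_bytes(12)` on PHP 7+). The current alphabet also contains `+`, which is outside the traditional crypt salt set `./0-9A-Za-z`; that is probably tolerated for `$1$` but worth normalising. Existing `$1$` hashes should keep verifying because crypt() takes the scheme from the stored hash, though the login check is not visible here. A short docblock stating the scheme and that the argument must be the raw cleartext would also help callers.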
@@ -903,15 +903,7 @@ if($field['formtype'] == 'PASSWORD') { $sql_insert_key .= "`$key`, "; if($field['encryption'] == 'CRYPT') { $salt="$1$"; $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'; for ($n=0;$n<8;$n++) { //$salt.=chr(mt_rand(64,126)); $salt.=$base64_alphabet[mt_rand(0,63)]; } $salt.="$"; // $salt = substr(md5(time()),0,2); $record[$key] = crypt(stripslashes($record[$key]),$salt); $record[$key] = $app->auth->crypt_password(stripslashes($record[$key])); $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; } elseif ($field['encryption'] == 'MYSQL') { $sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), "; @@ -938,15 +930,7 @@ } else { if($field['formtype'] == 'PASSWORD') { if(isset($field['encryption']) && $field['encryption'] == 'CRYPT') { $salt="$1$"; $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'; for ($n=0;$n<8;$n++) { //$salt.=chr(mt_rand(64,126)); $salt.=$base64_alphabet[mt_rand(0,63)]; } $salt.="$"; // $salt = substr(md5(time()),0,2); $record[$key] = crypt(stripslashes($record[$key]),$salt); $record[$key] = $app->auth->crypt_password(stripslashes($record[$key])); $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') { $sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), "; interface/web/client/client_edit.php
@@ -149,14 +149,7 @@ $type = 'user'; $active = 1; $language = $app->db->quote($this->dataRecord["language"]); $salt="$1$"; $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'; for ($n=0;$n<8;$n++) { $salt.=$base64_alphabet[mt_rand(0,63)]; } $salt.="$"; $password = crypt(stripslashes($password),$salt); $password = $app->auth->crypt_password($password); // Create the controlpaneluser for the client //Generate ssh-rsa-keys interface/web/login/password_reset.php
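Review bot: The replacement line `$password = $app->auth->crypt_password($password);` drops the `stripslashes()` that the old `crypt(stripslashes($password),$salt)` applied, while both tform.inc.php hunks still pass `stripslashes($record[$key])`. If `$password` is slash-escaped at this point (not visible in the hunk), a password containing a quote or backslash is now hashed with the extra backslashes and will not match what the user later types at login. Either keep the call as `$password = $app->auth->crypt_password(stripslashes($password));` or, if the value is known to be raw here, state that in a comment so the call sites are not later changed back into disagreement. The enclosing block starts and ends outside the hunk.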
@@ -52,15 +52,8 @@ $client = $app->db->queryOneRecord("SELECT * FROM client WHERE username = '$username' AND email = '$email'"); if($client['client_id'] > 0) { $new_password = md5 (uniqid (rand())); $salt="$1$"; $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'; for ($n=0;$n<8;$n++) { //$salt.=chr(mt_rand(64,126)); $salt.=$base64_alphabet[mt_rand(0,63)]; } $salt.="$"; $new_password_encrypted = crypt($new_password,$salt); $new_password = $app->auth->get_random_password(); $new_password_encrypted = $app->auth->crypt_password($new_password); $new_password_encrypted = $app->db->quote($new_password_encrypted); $username = $app->db->quote($client['username']);
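Review bot: The strength of the reset password now rests entirely on `get_random_password()`, whose body is outside this commit's hunks (only its closing `return $password;` shows in auth.inc.php), and its output replaces a 32-character `md5(uniqid(rand()))` string. It is worth confirming that it draws from a cryptographically secure source and yields enough length, since the new `crypt_password()` in the same class uses `mt_rand()`. Separately, the context line builds the lookup as `... WHERE username = '$username' AND email = '$email'`; whether both values pass through `$app->db->quote()` before line 52 is not visible here, so a comment at the query saying where they are escaped would help the next reader. The enclosing block continues outside the hunk.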