tbrehm
2011-09-12 c614f1b47ddf62d166a61f51bc5c9ff196925616
Fixed: FS#1741 - Password after update
4 files modified
50 ■■■■■ changed files
interface/lib/classes/auth.inc.php 10 ●●●●●
interface/lib/classes/tform.inc.php 20 ●●●●
interface/web/client/client_edit.php 9 ●●●●
interface/web/login/password_reset.php 11 ●●●●
interface/lib/classes/auth.inc.php
@@ -132,6 +132,16 @@
        }
        return $password;
    }
    public function crypt_password($cleartext_password) {
        $salt="$1$";
        $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
        for ($n=0;$n<8;$n++) {
            $salt.=$base64_alphabet[mt_rand(0,63)];
        }
        $salt.="$";
        return crypt($cleartext_password,$salt);
    }
        
}
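Review bot: The salt in `crypt_password()` is drawn from `mt_rand()` and the scheme is fixed to `$1$` (MD5-crypt), a fast legacy hash that is cheap to brute-force offline if the table is ever disclosed. Now that every caller goes through this one helper, it is the place to select a stronger scheme, for example a `$6$` salt when `CRYPT_SHA512` is available, and to take the salt characters from a CSPRNG, `$salt.=$base64_alphabet[random_int(0,63)];` on PHP 7+. Existing `$1$` hashes keep verifying because `crypt()` reads the scheme from the stored value; whether other consumers of these hashes accept `$6$` is not visible here and needs confirming. The result of `crypt()` is also returned unchecked, so a failure value would be stored as the password hash. The enclosing class starts outside the hunk.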
interface/lib/classes/tform.inc.php
@@ -903,15 +903,7 @@
                                                if($field['formtype'] == 'PASSWORD') {
                                                        $sql_insert_key .= "`$key`, ";
                                                        if($field['encryption'] == 'CRYPT') {
                                                                $salt="$1$";
                                                                $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
                                                                for ($n=0;$n<8;$n++) {
                                                                    //$salt.=chr(mt_rand(64,126));
                                                                    $salt.=$base64_alphabet[mt_rand(0,63)];
                                                                }
                                                                $salt.="$";
                                                                // $salt = substr(md5(time()),0,2);
                                                                $record[$key] = crypt(stripslashes($record[$key]),$salt);
                                                                $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
                                                                $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
                                                        } elseif ($field['encryption'] == 'MYSQL') {
                                                                $sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), ";
@@ -938,15 +930,7 @@
                                        } else {
                                                if($field['formtype'] == 'PASSWORD') {
                                                        if(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
                                                                $salt="$1$";
                                                                $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
                                                                for ($n=0;$n<8;$n++) {
                                                                    //$salt.=chr(mt_rand(64,126));
                                                                    $salt.=$base64_alphabet[mt_rand(0,63)];
                                                                }
                                                                $salt.="$";
                                                                // $salt = substr(md5(time()),0,2);
                                                                $record[$key] = crypt(stripslashes($record[$key]),$salt);
                                                                $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
                                                                $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
                                                        } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
                                                                $sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), ";
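Review bot: Both new call sites (the insert branch and the update branch) still apply `stripslashes()` before hashing, so whether the stored hash matches what the user typed depends on the form input being slash-escaped at this point, which the hunks do not show. If the input is not escaped, a password containing a backslash is silently altered before `crypt_password()` sees it. I would state the assumption in a comment at each call, e.g. `// $record[$key] is still slash-escaped here; unescape before hashing`, or do the unescaping once where the record is read. Both branches sit inside a larger function that starts and ends outside the hunks.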
interface/web/client/client_edit.php
@@ -149,14 +149,7 @@
        $type = 'user';
        $active = 1;
        $language = $app->db->quote($this->dataRecord["language"]);
        $salt="$1$";
        $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
        for ($n=0;$n<8;$n++) {
            $salt.=$base64_alphabet[mt_rand(0,63)];
        }
        $salt.="$";
        $password = crypt(stripslashes($password),$salt);
        $password = $app->auth->crypt_password($password);
        
        // Create the controlpaneluser for the client
        //Generate ssh-rsa-keys
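Review bot: The removed line hashed `stripslashes($password)`, while the new call passes `$password` to `crypt_password()` unchanged, so this call site no longer unescapes and now differs from the two calls in tform.inc.php, which keep `stripslashes()`. If `$password` is still slash-escaped here (its assignment is above the hunk), passwords containing quotes or backslashes get a hash that will not match at login. Either keep the old behaviour with `$password = $app->auth->crypt_password(stripslashes($password));` or confirm that the value is already raw and drop `stripslashes()` at the other call sites too.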
interface/web/login/password_reset.php
@@ -52,15 +52,8 @@
    $client = $app->db->queryOneRecord("SELECT * FROM client WHERE username = '$username' AND email = '$email'");
    
    if($client['client_id'] > 0) {
        $new_password = md5 (uniqid (rand()));
        $salt="$1$";
        $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
        for ($n=0;$n<8;$n++) {
            //$salt.=chr(mt_rand(64,126));
            $salt.=$base64_alphabet[mt_rand(0,63)];
        }
        $salt.="$";
        $new_password_encrypted = crypt($new_password,$salt);
        $new_password = $app->auth->get_random_password();
        $new_password_encrypted = $app->auth->crypt_password($new_password);
        $new_password_encrypted = $app->db->quote($new_password_encrypted);
        
        $username = $app->db->quote($client['username']);
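Review bot: The reset password now comes from `get_random_password()`, whose body is not part of this hunk, so the strength of every reset credential rests on how that helper draws its characters; if it relies on `mt_rand()` like the salt code, the value is not suitable as a credential. A short comment here stating the expected randomness source would help, e.g. `// get_random_password() must use a CSPRNG; this value is the user's live credential until changed`. Separately, the lookup at the top of the hunk interpolates `$username` and `$email` into the SQL string, and any quoting of them happens above the hunk, so that should be confirmed. The only `$app->db->quote()` call on `$username` visible here runs after the query, on the value read back from the database.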