From 80e3c9acf3fc9b6d15ea4fea7c89e0a2e12db412 Mon Sep 17 00:00:00 2001 From: tbrehm <t.brehm@ispconfig.org> Date: Tue, 26 Apr 2011 06:41:58 -0400 Subject: [PATCH] - Improved nginx reverse proxy support. - Added UFW firewall support. --- interface/web/login/index.php | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/interface/web/login/index.php b/interface/web/login/index.php index be91708..9216f79 100644 --- a/interface/web/login/index.php +++ b/interface/web/login/index.php @@ -106,21 +106,27 @@ if($alreadyfailed['times'] > 5) { $error = $app->lng('error_user_too_many_logins'); } else { + if ($loginAs){ $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and PASSWORT = '". $passwort. "'"; $user = $app->db->queryOneRecord($sql); } else { $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username'"; $user = $app->db->queryOneRecord($sql); + if($user && $user['active'] == 1) { + $saved_password = stripslashes($user['passwort']); + if(substr($saved_password,0,3) == '$1$') { //* The password is crypt-md5 encrypted $salt = '$1$'.substr($saved_password,3,8).'$'; + if(crypt($passwort,$salt) != $saved_password) { $user = false; } } else { + //* The password is md5 encrypted if(md5($passwort) != $saved_password) { $user = false; -- Gitblit v1.9.1