From c614f1b47ddf62d166a61f51bc5c9ff196925616 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Mon, 12 Sep 2011 04:45:22 -0400
Subject: [PATCH] Fixed: FS#1741 - Password after update

---
 interface/web/client/client_edit.php   |    9 +--------
 interface/lib/classes/auth.inc.php     |   10 ++++++++++
 interface/lib/classes/tform.inc.php    |   20 ++------------------
 interface/web/login/password_reset.php |   11 ++---------
 4 files changed, 15 insertions(+), 35 deletions(-)

diff --git a/interface/lib/classes/auth.inc.php b/interface/lib/classes/auth.inc.php
index 1002bd6..aa4eb9f 100644
--- a/interface/lib/classes/auth.inc.php
+++ b/interface/lib/classes/auth.inc.php
@@ -132,6 +132,16 @@
 		}
 		return $password;
 	}
+	
+	public function crypt_password($cleartext_password) {
+		$salt="$1$";
+		$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
+		for ($n=0;$n<8;$n++) {
+			$salt.=$base64_alphabet[mt_rand(0,63)];
+		}
+		$salt.="$";
+		return crypt($cleartext_password,$salt);
+	}
 		
 }
 
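Review bot: The salt in `crypt_password()` is drawn from `mt_rand()`, which is not a cryptographic generator, and the `$1$` prefix selects MD5-crypt, which is cheap to brute-force if the stored hashes leak. On PHP 7 or later the loop body can read `$salt .= $base64_alphabet[random_int(0, 63)];`. Moving the prefix to a stronger scheme such as `$6$` is worth considering, but only if every service that verifies these hashes supports it, which this hunk does not show. A short docblock saying that the method returns a salted crypt(3) hash of the cleartext and does no unescaping of its own would also help callers. The enclosing class starts outside the hunk.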
diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php
index dbaf686..673a7d7 100644
--- a/interface/lib/classes/tform.inc.php
+++ b/interface/lib/classes/tform.inc.php
@@ -903,15 +903,7 @@
                                                 if($field['formtype'] == 'PASSWORD') {
                                                         $sql_insert_key .= "`$key`, ";
                                                         if($field['encryption'] == 'CRYPT') {
-                                                                $salt="$1$";
-																$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
-																for ($n=0;$n<8;$n++) {
-																	//$salt.=chr(mt_rand(64,126));
-																	$salt.=$base64_alphabet[mt_rand(0,63)];
-																}
-																$salt.="$";
-																// $salt = substr(md5(time()),0,2);
-																$record[$key] = crypt(stripslashes($record[$key]),$salt);
+																$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
 																$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
 														} elseif ($field['encryption'] == 'MYSQL') {
 																$sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), ";
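Review bot: Both new call sites (here and in the update branch of the next hunk) dereference `$app->auth`, and nothing in either hunk shows that the auth class is loaded whenever this form code runs. If this class can be reached from an entry point that does not load it, the call fails with a fatal error on every CRYPT password field. A `$app->uses('auth');` before the call, or a comment naming where the load is guaranteed, would settle it. The enclosing method starts and ends outside the hunk.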
@@ -938,15 +930,7 @@
                                         } else {
                                                 if($field['formtype'] == 'PASSWORD') {
 														if(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
-                                                                $salt="$1$";
-																$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
-																for ($n=0;$n<8;$n++) {
-																	//$salt.=chr(mt_rand(64,126));
-																	$salt.=$base64_alphabet[mt_rand(0,63)];
-																}
-																$salt.="$";
-																// $salt = substr(md5(time()),0,2);
-																$record[$key] = crypt(stripslashes($record[$key]),$salt);
+                                                                $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
 																$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
 														} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
 																$sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), ";
diff --git a/interface/web/client/client_edit.php b/interface/web/client/client_edit.php
index 4581397..5896361 100644
--- a/interface/web/client/client_edit.php
+++ b/interface/web/client/client_edit.php
@@ -149,14 +149,7 @@
 		$type = 'user';
 		$active = 1;
 		$language = $app->db->quote($this->dataRecord["language"]);
-		
-		$salt="$1$";
-		$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
-		for ($n=0;$n<8;$n++) {
-			$salt.=$base64_alphabet[mt_rand(0,63)];
-		}
-		$salt.="$";
-		$password = crypt(stripslashes($password),$salt);
+		$password = $app->auth->crypt_password($password);
 		
 		// Create the controlpaneluser for the client
 		//Generate ssh-rsa-keys
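Review bot: The replacement line `$password = $app->auth->crypt_password($password);` drops the `stripslashes()` that the removed code applied, while both call sites in tform.inc.php still pass `stripslashes($record[$key])`. If `$password` arrives escaped here (its assignment is outside the hunk), a password containing a quote or backslash would be hashed in a different form than the one tform.inc.php stores, and a later login comparison would fail. Either keep `crypt_password(stripslashes($password))` or add a comment stating why the value is already unescaped at this point.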
diff --git a/interface/web/login/password_reset.php b/interface/web/login/password_reset.php
index 5c23cc4..659859a 100644
--- a/interface/web/login/password_reset.php
+++ b/interface/web/login/password_reset.php
@@ -52,15 +52,8 @@
 	$client = $app->db->queryOneRecord("SELECT * FROM client WHERE username = '$username' AND email = '$email'");
 	
 	if($client['client_id'] > 0) {
-		$new_password = md5 (uniqid (rand()));
-		$salt="$1$";
-		$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
-		for ($n=0;$n<8;$n++) {
-			//$salt.=chr(mt_rand(64,126));
-			$salt.=$base64_alphabet[mt_rand(0,63)];
-		}
-		$salt.="$";
-		$new_password_encrypted = crypt($new_password,$salt);
+		$new_password = $app->auth->get_random_password();
+		$new_password_encrypted = $app->auth->crypt_password($new_password);
 		$new_password_encrypted = $app->db->quote($new_password_encrypted);
 		
 		$username = $app->db->quote($client['username']);
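Review bot: The reset password now comes from `get_random_password()`, whose body is not visible in this patch, so it cannot be confirmed here that it draws from a cryptographic generator, which a reset credential needs. If that helper relies on `mt_rand()` the way `crypt_password()` does, it should move to `random_int()` (PHP 7+) in the same change. Separately, the lookup on the first context line interpolates `$username` and `$email` directly into the SQL string, and their escaping is not visible in the hunk. It is worth confirming that both pass through `$app->db->quote()` before this query runs.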

--
Gitblit v1.9.1