From 6eaa70d991cd22196f4a8774c3d0b23fe4c4f3b0 Mon Sep 17 00:00:00 2001
From: Janos SUTO
Date: Sun, 9 Sep 2018 16:15:49 +0000
Subject: [PATCH] Added salt to crypt()

Signed-off-by: Janos SUTO
---
 webui/model/user/auth.php | 3 ++-
 webui/model/user/user.php | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/webui/model/user/auth.php b/webui/model/user/auth.php
index 3b11513d..df74dccb 100644
--- a/webui/model/user/auth.php
+++ b/webui/model/user/auth.php
@@ -576,7 +576,8 @@ class ModelUserAuth extends Model {
 public function change_password($username = '', $password = '') {
 if($username == "" || $password == ""){ return 0; }
- $query = $this->db->query("UPDATE " . TABLE_USER . " SET password=? WHERE uid=(SELECT uid FROM " . TABLE_EMAIL . " WHERE email=?)", array(crypt($password), $username));
+ $query = $this->db->query("UPDATE " . TABLE_USER . " SET password=? WHERE uid=(SELECT uid FROM " . TABLE_EMAIL . " WHERE email=?)",
+ array(crypt($password, '$6$' . generate_random_string()), $username));
 $rc = $this->db->countAffected();
diff --git a/webui/model/user/user.php b/webui/model/user/user.php
index 074ea752..9979ffd2 100644
--- a/webui/model/user/user.php
+++ b/webui/model/user/user.php
@@ -350,7 +350,7 @@ class ModelUserUser extends Model {
 return $user['username'];
 }
- $encrypted_password = crypt($user['password']);
+ $encrypted_password = crypt($user['password'], '$6$' . generate_random_string());
 $samaccountname = '';
 if(isset($user['samaccountname'])) { $samaccountname = $user['samaccountname']; }
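Review bot: In both hunks (`change_password()` in auth.php and the `$encrypted_password` assignment in user.php) the return value of `crypt()` is stored without being checked, and the salt now depends on `generate_random_string()`, which is defined outside this diff. SHA-512 crypt uses at most 16 salt characters from `[./0-9A-Za-z]`, and on failure `crypt()` returns a short token such as `*0` instead of a hash, so the helper's alphabet, length and randomness source (ideally a CSPRNG, so salts do not repeat) should be confirmed. I would keep the hash in a variable and reject anything that is not a `$6$` hash before the query, e.g. `$hash = crypt($password, '$6$' . generate_random_string());` followed by `if(strncmp($hash, '$6$', 3) !== 0) { return 0; }`; the error convention of the user.php function is not visible here. If every consumer of the stored hash verifies it through PHP, `password_hash($password, PASSWORD_DEFAULT)` would generate the salt itself and remove the dependency on the helper. Both enclosing functions start and end outside the hunks.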