Added salt to crypt()

Signed-off-by: Janos SUTO <sj@acts.hu>
2025-10-31 04:52:26 +01:00 · 2018-09-09 16:15:49 +00:00
parent eae385616f
commit 6eaa70d991
2 changed files with 3 additions and 2 deletions
--- a/webui/model/user/auth.php
+++ b/webui/model/user/auth.php
@@ -576,7 +576,8 @@ class ModelUserAuth extends Model {
   public function change_password($username = '', $password = '') {
      if($username == "" || $password == ""){ return 0; }
-      $query = $this->db->query("UPDATE " . TABLE_USER . " SET password=? WHERE uid=(SELECT uid FROM " . TABLE_EMAIL . " WHERE email=?)", array(crypt($password), $username));
+      $query = $this->db->query("UPDATE " . TABLE_USER . " SET password=? WHERE uid=(SELECT uid FROM " . TABLE_EMAIL . " WHERE email=?)",
                                array(crypt($password, '$6$' . generate_random_string()), $username));
      $rc = $this->db->countAffected();
--- a/webui/model/user/user.php
+++ b/webui/model/user/user.php
@@ -350,7 +350,7 @@ class ModelUserUser extends Model {
         return $user['username'];
      }
-      $encrypted_password = crypt($user['password']);
+      $encrypted_password = crypt($user['password'], '$6$' . generate_random_string());
      $samaccountname = '';
      if(isset($user['samaccountname'])) { $samaccountname = $user['samaccountname']; }