From e169c09c4c84be33f1f478b220bcc611754931b0 Mon Sep 17 00:00:00 2001
From: Janos SUTO
Date: Wed, 26 Feb 2020 19:52:33 +0100
Subject: [PATCH] #1049: Fixed crypt() calling
Signed-off-by: Janos SUTO
---
 webui/model/user/auth.php | 2 +-
 webui/model/user/user.php | 14 +++++---------
 webui/system/misc.php | 5 +++++
 3 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/webui/model/user/auth.php b/webui/model/user/auth.php
index 8fdd94d6..313ae4f3 100644
--- a/webui/model/user/auth.php
+++ b/webui/model/user/auth.php
@@ -577,7 +577,7 @@ class ModelUserAuth extends Model {
 if($username == "" || $password == ""){ return 0; }
 $query = $this->db->query("UPDATE " . TABLE_USER . " SET password=? WHERE uid=(SELECT uid FROM " . TABLE_EMAIL . " WHERE email=?)",
- array(crypt($password, '$6$' . generate_random_string()), $username));
+ [encrypt_password($password), $username]);
 $rc = $this->db->countAffected();
diff --git a/webui/model/user/user.php b/webui/model/user/user.php
index 9979ffd2..03a3a196 100644
--- a/webui/model/user/user.php
+++ b/webui/model/user/user.php
@@ -65,7 +65,7 @@ class ModelUserUser extends Model {
 foreach ($query->rows as $q) { array_push($data, $q['email']); } - + } $emails = $this->get_email_addresses_from_groups($data);
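Review bot: In the `@@ -577` hunk of webui/model/user/auth.php the only guard visible before the UPDATE is the empty-string test, so a one-character password would be hashed and stored, whereas the update path in webui/model/user/user.php (`@@ -420` hunk) gates the same write on `MIN_PASSWORD_LENGTH`. Unless the caller already enforces the minimum, the guard could read `if($username == "" || strlen($password) < MIN_PASSWORD_LENGTH){ return 0; }`. The INSERT in the `@@ -350` hunk of user.php likewise passes `$user['password']` to `encrypt_password()` with no length check in view. The enclosing functions start and end outside these hunks, so an earlier check may exist.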
@@ -350,12 +350,10 @@ class ModelUserUser extends Model {
 return $user['username']; } - $encrypted_password = crypt($user['password'], '$6$' . generate_random_string()); - $samaccountname = ''; if(isset($user['samaccountname'])) { $samaccountname = $user['samaccountname']; } - $query = $this->db->query("INSERT INTO " . TABLE_USER . " (uid, username, realname, password, domain, dn, isadmin, samaccountname) VALUES(?,?,?,?,?,?,?,?)", array((int)$user['uid'], $user['username'], $user['realname'], $encrypted_password, $user['domain'], @$user['dn'], (int)$user['isadmin'], $samaccountname)); + $query = $this->db->query("INSERT INTO " . TABLE_USER . " (uid, username, realname, password, domain, dn, isadmin, samaccountname) VALUES(?,?,?,?,?,?,?,?)", array((int)$user['uid'], $user['username'], $user['realname'], encrypt_password($user['password']), $user['domain'], @$user['dn'], (int)$user['isadmin'], $samaccountname)); if($query->error == 1 || $this->db->countAffected() == 0){ return $user['username']; }
@@ -420,9 +418,9 @@ class ModelUserUser extends Model {
 /* update password field if we have to */ - + if(strlen($user['password']) >= MIN_PASSWORD_LENGTH) { - $query = $this->db->query("UPDATE " . TABLE_USER . " SET password=? WHERE uid=?", array(crypt($user['password']), (int)$user['uid'])); + $query = $this->db->query("UPDATE " . TABLE_USER . " SET password=? WHERE uid=?", array(encrypt_password($user['password']), (int)$user['uid'])); if($this->db->countAffected() != 1) { return 0; } }
@@ -468,7 +466,7 @@ class ModelUserUser extends Model {
 $all_domains = $this->get_email_domains(); $submitted_domains = explode("\n", $domains); - + foreach($submitted_domains as $d) { $d = trim($d);
@@ -571,5 +569,3 @@ class ModelUserUser extends Model {
 } - -?>
diff --git a/webui/system/misc.php b/webui/system/misc.php
index 99145407..d7caf036 100644
--- a/webui/system/misc.php
+++ b/webui/system/misc.php
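Review bot: In the `@@ -420,9 +418,9` hunk a non-empty password shorter than `MIN_PASSWORD_LENGTH` simply skips the UPDATE and the function carries on, so the caller cannot tell a rejected password from one that was intentionally left unchanged. If an empty value is what means "keep the current password", the short-but-non-empty case could fail explicitly with `if($user['password'] != '' && strlen($user['password']) < MIN_PASSWORD_LENGTH) { return 0; }` ahead of the existing `if`. The function body continues outside the hunk, so whether a later branch reports this is not visible here.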
@@ -575,3 +575,8 @@ function htmlentities_on_array($arr = []) {
 return $arr;
 }
+
+
+function encrypt_password($password = '') {
+ return crypt($password, '$6$rounds=5000$' . generate_random_string() . '$');
+}
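Review bot: `encrypt_password()` returns whatever `crypt()` produced without checking it; on failure `crypt()` returns a short marker string (`*0` or `*1`) rather than a hash, and all three call sites in this patch would write that straight into the password column. A minimal guard is to keep the result in a variable and refuse to continue when it does not start with `$6$`. The salt comes from `generate_random_string()`, which is not part of this diff: it should draw from a CSPRNG (`random_bytes()` or `random_int()`) and stay within crypt's `./0-9A-Za-z` salt alphabet, which is worth confirming. `rounds=5000` is the SHA-512 crypt default, so it pins the cost rather than raising it; `password_hash()` would be the usual choice if the verification code, not shown here, can move to `password_verify()`.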