#1049: Fixed crypt() calling

Signed-off-by: Janos SUTO <sj@acts.hu>
Janos SUTO 2020-02-26 19:52:33 +01:00
parent c0b1df9bb1
commit e169c09c4c
3 changed files with 11 additions and 10 deletions


@ -577,7 +577,7 @@ class ModelUserAuth extends Model {
if($username == "" || $password == ""){ return 0; } if($username == "" || $password == ""){ return 0; }
$query = $this->db->query("UPDATE " . TABLE_USER . " SET password=? WHERE uid=(SELECT uid FROM " . TABLE_EMAIL . " WHERE email=?)", $query = $this->db->query("UPDATE " . TABLE_USER . " SET password=? WHERE uid=(SELECT uid FROM " . TABLE_EMAIL . " WHERE email=?)",
array(crypt($password, '$6$' . generate_random_string()), $username)); [encrypt_password($password), $username]);
$rc = $this->db->countAffected(); $rc = $this->db->countAffected();
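Review bot: The guard at the top of this hunk rejects only an empty `$password`, so this path will hash and store a one-character password, while the update path in ModelUserUser enforces `strlen($user['password']) >= MIN_PASSWORD_LENGTH`. The function starts above this hunk and its callers are not shown, so the length may already be validated elsewhere; if it is not, the same minimum belongs here, e.g. `if($username == "" || strlen($password) < MIN_PASSWORD_LENGTH){ return 0; }`. The INSERT in ModelUserUser that now calls `encrypt_password($user['password'])` shows no length check inside its hunk either.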


@ -350,12 +350,10 @@ class ModelUserUser extends Model {
return $user['username']; return $user['username'];
} }
$encrypted_password = crypt($user['password'], '$6$' . generate_random_string());
$samaccountname = ''; $samaccountname = '';
if(isset($user['samaccountname'])) { $samaccountname = $user['samaccountname']; } if(isset($user['samaccountname'])) { $samaccountname = $user['samaccountname']; }
$query = $this->db->query("INSERT INTO " . TABLE_USER . " (uid, username, realname, password, domain, dn, isadmin, samaccountname) VALUES(?,?,?,?,?,?,?,?)", array((int)$user['uid'], $user['username'], $user['realname'], $encrypted_password, $user['domain'], @$user['dn'], (int)$user['isadmin'], $samaccountname)); $query = $this->db->query("INSERT INTO " . TABLE_USER . " (uid, username, realname, password, domain, dn, isadmin, samaccountname) VALUES(?,?,?,?,?,?,?,?)", array((int)$user['uid'], $user['username'], $user['realname'], encrypt_password($user['password']), $user['domain'], @$user['dn'], (int)$user['isadmin'], $samaccountname));
if($query->error == 1 || $this->db->countAffected() == 0){ return $user['username']; } if($query->error == 1 || $this->db->countAffected() == 0){ return $user['username']; }
@ -422,7 +420,7 @@ class ModelUserUser extends Model {
/* update password field if we have to */ /* update password field if we have to */
if(strlen($user['password']) >= MIN_PASSWORD_LENGTH) { if(strlen($user['password']) >= MIN_PASSWORD_LENGTH) {
$query = $this->db->query("UPDATE " . TABLE_USER . " SET password=? WHERE uid=?", array(crypt($user['password']), (int)$user['uid'])); $query = $this->db->query("UPDATE " . TABLE_USER . " SET password=? WHERE uid=?", array(encrypt_password($user['password']), (int)$user['uid']));
if($this->db->countAffected() != 1) { return 0; } if($this->db->countAffected() != 1) { return 0; }
} }
@ -571,5 +569,3 @@ class ModelUserUser extends Model {
} }
?>


@ -575,3 +575,8 @@ function htmlentities_on_array($arr = []) {
return $arr; return $arr;
} }
function encrypt_password($password = '') {
return crypt($password, '$6$rounds=5000$' . generate_random_string() . '$');
}
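Review bot: `encrypt_password()` returns whatever `crypt()` produces, and `crypt()` signals failure by returning a string shorter than 13 characters (`*0` or `*1`) rather than raising an error, so a failed call would be written straight into the password column by all three callers. I would keep the result in a variable and treat `strlen($hash) < 13` as an error that the callers must not store. The salt comes from `generate_random_string()`, which is defined outside this hunk; SHA-512 crypt uses at most 16 salt characters from `[./0-9A-Za-z]`, so it is worth confirming that helper's alphabet and length and that it draws from a CSPRNG such as `random_bytes()`. `rounds=5000` is the scheme's default cost, and moving it to a configuration constant would let it be raised later without touching this function.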