Fixed: FS#1741 - Password after update

tbrehm · tbrehm · commit c614f1b47ddf · 2011-09-12T08:45:22.000Z
diff --git a/interface/lib/classes/auth.inc.php b/interface/lib/classes/auth.inc.php
@@ -132,6 +132,16 @@ public function get_random_password($length = 8) {
 		}
 		return $password;
 	}
+	
+	public function crypt_password($cleartext_password) {
+		$salt="$1$";
+		$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
+		for ($n=0;$n<8;$n++) {
+			$salt.=$base64_alphabet[mt_rand(0,63)];
+		}
+		$salt.="$";
+		return crypt($cleartext_password,$salt);
+	}
 		
 }
 
diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php
@@ -903,15 +903,7 @@ function getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $sql_ext_whe
                                                 if($field['formtype'] == 'PASSWORD') {
                                                         $sql_insert_key .= "`$key`, ";
                                                         if($field['encryption'] == 'CRYPT') {
-                                                                $salt="$1$";
-																$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
-																for ($n=0;$n<8;$n++) {
-																	//$salt.=chr(mt_rand(64,126));
-																	$salt.=$base64_alphabet[mt_rand(0,63)];
-																}
-																$salt.="$";
-																// $salt = substr(md5(time()),0,2);
-																$record[$key] = crypt(stripslashes($record[$key]),$salt);
+																$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
 																$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
 														} elseif ($field['encryption'] == 'MYSQL') {
 																$sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), ";
@@ -938,15 +930,7 @@ function getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $sql_ext_whe
                                         } else {
                                                 if($field['formtype'] == 'PASSWORD') {
 														if(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
-                                                                $salt="$1$";
-																$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
-																for ($n=0;$n<8;$n++) {
-																	//$salt.=chr(mt_rand(64,126));
-																	$salt.=$base64_alphabet[mt_rand(0,63)];
-																}
-																$salt.="$";
-																// $salt = substr(md5(time()),0,2);
-																$record[$key] = crypt(stripslashes($record[$key]),$salt);
+                                                                $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
 																$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
 														} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
 																$sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), ";
diff --git a/interface/web/client/client_edit.php b/interface/web/client/client_edit.php
@@ -149,14 +149,7 @@ function onAfterInsert() {
 		$type = 'user';
 		$active = 1;
 		$language = $app->db->quote($this->dataRecord["language"]);
-		
-		$salt="$1$";
-		$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
-		for ($n=0;$n<8;$n++) {
-			$salt.=$base64_alphabet[mt_rand(0,63)];
-		}
-		$salt.="$";
-		$password = crypt(stripslashes($password),$salt);
+		$password = $app->auth->crypt_password($password);
 		
 		// Create the controlpaneluser for the client
 		//Generate ssh-rsa-keys
diff --git a/interface/web/login/password_reset.php b/interface/web/login/password_reset.php
@@ -52,15 +52,8 @@
 	$client = $app->db->queryOneRecord("SELECT * FROM client WHERE username = '$username' AND email = '$email'");
 	
 	if($client['client_id'] > 0) {
-		$new_password = md5 (uniqid (rand()));
-		$salt="$1$";
-		$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
-		for ($n=0;$n<8;$n++) {
-			//$salt.=chr(mt_rand(64,126));
-			$salt.=$base64_alphabet[mt_rand(0,63)];
-		}
-		$salt.="$";
-		$new_password_encrypted = crypt($new_password,$salt);
+		$new_password = $app->auth->get_random_password();
+		$new_password_encrypted = $app->auth->crypt_password($new_password);
 		$new_password_encrypted = $app->db->quote($new_password_encrypted);
 		
 		$username = $app->db->quote($client['username']);

Original file line number	Diff line number	Diff line change
`@@ -132,6 +132,16 @@ public function get_random_password($length = 8) {`
`132`	`132`	`}`
`133`	`133`	`return $password;`
`134`	`134`	`}`
	`135`	`+`
	`136`	`+ public function crypt_password($cleartext_password) {`
	`137`	`+ $salt="$1$";`
	`138`	`+ $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';`
	`139`	`+ for ($n=0;$n<8;$n++) {`
	`140`	`+ $salt.=$base64_alphabet[mt_rand(0,63)];`
	`141`	`+ }`
	`142`	`+ $salt.="$";`
	`143`	`+ return crypt($cleartext_password,$salt);`
	`144`	`+ }`
`135`	`145`
`136`	`146`	`}`
`137`	`147`