A. Täffner
2016-04-11 994f32aaa99be234ba52ce2fb1bb808eee1e1c7d
interface/web/login/index.php
@@ -60,7 +60,7 @@
   //** Check variables
   if(!preg_match("/^[\w\.\-\_\@]{1,128}$/", $_POST['username'])) $error = $app->lng('user_regex_error');
   if(!preg_match("/^.{1,64}$/i", $_POST['password'])) $error = $app->lng('pw_error_length');
   if(!preg_match("/^.{1,256}$/i", $_POST['password'])) $error = $app->lng('pw_error_length');
   //** importing variables
   $ip    = ip2long($_SERVER['REMOTE_ADDR']);
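Review bot: The password length check relies on `/^.{1,256}$/i` (assuming the 256 variant is the new line), which measures bytes rather than characters and rejects any password with an embedded newline because `.` does not match one without the `s` modifier. The `i` flag has no effect on this pattern. A direct test states the intent without regex side effects: `if(!is_string($_POST['password']) || strlen($_POST['password']) < 1 || strlen($_POST['password']) > 256) $error = $app->lng('pw_error_length');`. If any stored hash turns out to be bcrypt, note in a comment that crypt() ignores input past 72 bytes, so the 256 limit does not mean all 256 bytes contribute to the hash.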
@@ -157,9 +157,8 @@
               $user = false;
               if($mailuser) {
                  $saved_password = stripslashes($mailuser['password']);
                  $salt = '$1$'.substr($saved_password, 3, 8).'$';
                  //* Check if mailuser password is correct
                  if(crypt(stripslashes($password), $salt) == $saved_password) {
                  if(crypt(stripslashes($password), $saved_password) == $saved_password) {
                     //* we build a fake user here which has access to the mailuser module only and userid 0
                     $user = array();
                     $user['userid'] = 0;
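Review bot: The rewritten check `crypt(stripslashes($password), $saved_password) == $saved_password` compares hashes with loose `==`, which is neither type-strict nor constant-time; the same comparison appears with `!=` in the `@@ -182,22 +181,15 @@` hunk. Where the supported PHP version allows it, use `hash_equals($saved_password, crypt(stripslashes($password), $saved_password))`, or `password_verify()`, which wraps the same crypt() call with a timing-safe compare. `stripslashes()` on the submitted password also changes any password containing a backslash unless the input was slash-escaped earlier, which is not visible here. The enclosing block starts and ends outside this hunk.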
@@ -182,22 +181,15 @@
               $user = $app->db->queryOneRecord($sql, $username);
               if($user) {
                  $saved_password = stripslashes($user['passwort']);
                  if(substr($saved_password, 0, 3) == '$1$') {
                     //* The password is crypt-md5 encrypted
                     $salt = '$1$'.substr($saved_password, 3, 8).'$';
                        if(crypt(stripslashes($password), $salt) != $saved_password) {
                        $user = false;
                     }
                  } elseif(substr($saved_password, 0, 3) == '$5$') {
                     //* The password is crypt-sha256 encrypted
                     $salt = '$5$'.substr($saved_password, 3, 16).'$';
                        if(crypt(stripslashes($password), $salt) != $saved_password) {
                  if(substr($saved_password, 0, 1) == '$') {
                     //* The password is encrypted with crypt
                     if(crypt(stripslashes($password), $saved_password) != $saved_password) {
                        $user = false;
                     }
                  } else {
                        //* The password is md5 encrypted
                     //* The password is md5 encrypted
                     if(md5($password) != $saved_password) {
                           $user = false;
                        $user = false;
                     }
                  }
               } else {
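Review bot: The `else` branch still accepts unsalted MD5 and checks it with `md5($password) != $saved_password`, a loose comparison of two hex strings that PHP can evaluate numerically when both happen to look like numbers. Replace it with `if(!hash_equals($saved_password, md5($password)))`, or at minimum `!==`. This branch also hashes `$password` without the `stripslashes()` that the crypt branch applies, so the two paths treat a backslash in the password differently. Since every `$`-prefixed hash now verifies through crypt(), a successful MD5 login would be the natural place to re-hash the password with the stronger scheme; nothing in the visible lines does that, and the surrounding block continues outside the hunk.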
@@ -351,6 +343,12 @@
// Title
$app->tpl->setVar('company_name', $sys_config['company_name']. ' :: ');
// Custom Login
if ($sys_config['custom_login_text'] != '') {
    $custom_login = @($sys_config['custom_login_link'] != '')?'<a href="'.$sys_config['custom_login_link'].'" target="_blank">'.$sys_config['custom_login_text'].'</a>':$sys_config['custom_login_text'];
}
$app->tpl->setVar('custom_login', $custom_login);
$app->tpl_defaults();
$app->tpl->pparse();
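Review bot: The added custom-login block concatenates `$sys_config['custom_login_link']` and `$sys_config['custom_login_text']` into an `<a>` tag without HTML-escaping, and `$custom_login` is never initialised, so `setVar('custom_login', $custom_login)` reads an undefined variable whenever the text is empty. The values are presumably set by an administrator, but a quote or angle bracket in either one breaks out of the attribute or element on the unauthenticated login page, unless the template layer escapes, which is not visible here. The rewrite below initialises the variable, escapes both values, drops the `@` suppression and adds `rel="noopener noreferrer"` to the `target="_blank"` link. If the text is meant to carry markup, document that in a comment instead of escaping it. Restricting the link to http/https schemes at the point where the setting is saved would complement the escaping.

```php
// Custom Login
$custom_login = '';
if ($sys_config['custom_login_text'] != '') {
    $custom_login = htmlspecialchars($sys_config['custom_login_text'], ENT_QUOTES, 'UTF-8');
    if (!empty($sys_config['custom_login_link'])) {
        $href = htmlspecialchars($sys_config['custom_login_link'], ENT_QUOTES, 'UTF-8');
        $custom_login = '<a href="'.$href.'" target="_blank" rel="noopener noreferrer">'.$custom_login.'</a>';
    }
}
// … unchanged: setVar('custom_login', …), tpl_defaults(), pparse() …
```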