| interface/lib/classes/remoting_lib.inc.php | ●●●●● patch | view | raw | blame | history | |
| interface/lib/classes/tform.inc.php | ●●●●● patch | view | raw | blame | history | |
| server/plugins-available/mysql_clientdb_plugin.inc.php | ●●●●● patch | view | raw | blame | history |
interface/lib/classes/remoting_lib.inc.php
@@ -681,7 +681,9 @@ $record[$key] = $app->auth->crypt_password(stripslashes($record[$key])); $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') { $sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), "; $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`"); $record[$key] = $tmp['crypted']; $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; } else { $record[$key] = md5(stripslashes($record[$key])); $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; @@ -708,7 +710,9 @@ $record[$key] = $app->auth->crypt_password(stripslashes($record[$key])); $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') { $sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), "; $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`"); $record[$key] = $tmp['crypted']; $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; } else { $record[$key] = md5(stripslashes($record[$key])); $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; interface/lib/classes/tform.inc.php
@@ -1057,7 +1057,9 @@ $record[$key] = $app->auth->crypt_password(stripslashes($record[$key])); $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; } elseif ($field['encryption'] == 'MYSQL') { $sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), "; $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`"); $record[$key] = $tmp['crypted']; $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; } elseif ($field['encryption'] == 'CLEARTEXT') { $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; } else { @@ -1084,7 +1086,9 @@ $record[$key] = $app->auth->crypt_password(stripslashes($record[$key])); $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') { $sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), "; $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`"); $record[$key] = $tmp['crypted']; $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; } elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') { $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; } else { server/plugins-available/mysql_clientdb_plugin.inc.php
@@ -393,7 +393,7 @@ } if($data['new']['database_password'] != $data['old']['database_password'] && $data['new']['database_password'] != '') { $link->query("SET PASSWORD FOR '".$link->escape_string($data['new']['database_user'])."'@'$db_host' = PASSWORD('".$link->escape_string($data['new']['database_password'])."');"); // is contained in clear text so PASSWORD() func is needed $link->query("SET PASSWORD FOR '".$link->escape_string($data['new']['database_user'])."'@'$db_host' = '".$link->escape_string($data['new']['database_password'])."';"); $app->log('Changing MySQL user password for: '.$data['new']['database_user'].'@'.$db_host,LOGLEVEL_DEBUG); } }
