From 11dfd724a70f60777e98bb87e26f9a562f3d9801 Mon Sep 17 00:00:00 2001
From: skuli434 <skuli434@ispconfig3>
Date: Thu, 22 Dec 2011 09:17:16 -0500
Subject: [PATCH] myispconfig
---
interface/lib/classes/remoting_lib.inc.php | 45 ++++++++-------------------------------------
1 files changed, 8 insertions(+), 37 deletions(-)
diff --git a/interface/lib/classes/remoting_lib.inc.php b/interface/lib/classes/remoting_lib.inc.php
index 11b2449..a9dd870 100644
--- a/interface/lib/classes/remoting_lib.inc.php
+++ b/interface/lib/classes/remoting_lib.inc.php
@@ -294,7 +294,7 @@
* @return record
*/
function encode($record) {
-
+ global $app;
if(is_array($record)) {
foreach($this->formDef['fields'] as $key => $field) {
@@ -303,14 +303,14 @@
switch ($field['datatype']) {
case 'VARCHAR':
if(!@is_array($record[$key])) {
- $new_record[$key] = (isset($record[$key]))?mysql_real_escape_string($record[$key]):'';
+ $new_record[$key] = (isset($record[$key]))?$app->db->quote($record[$key]):'';
} else {
$new_record[$key] = implode($field['separator'],$record[$key]);
}
break;
case 'TEXT':
if(!is_array($record[$key])) {
- $new_record[$key] = mysql_real_escape_string($record[$key]);
+ $new_record[$key] = $app->db->quote($record[$key]);
} else {
$new_record[$key] = implode($field['separator'],$record[$key]);
}
@@ -347,7 +347,7 @@
//if($key == 'refresh') die($record[$key]);
break;
case 'DOUBLE':
- $new_record[$key] = mysql_real_escape_string($record[$key]);
+ $new_record[$key] = $app->db->quote($record[$key]);
break;
case 'CURRENCY':
$new_record[$key] = str_replace(",",".",$record[$key]);
@@ -530,15 +530,7 @@
if($field['formtype'] == 'PASSWORD') {
$sql_insert_key .= "`$key`, ";
if($field['encryption'] == 'CRYPT') {
- $salt="$1$";
- $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
- for ($n=0;$n<8;$n++) {
- //$salt.=chr(mt_rand(64,126));
- $salt.=$base64_alphabet[mt_rand(0,63)];
- }
- $salt.="$";
- // $salt = substr(md5(time()),0,2);
- $record[$key] = crypt($record[$key],$salt);
+ $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
} else {
$record[$key] = md5($record[$key]);
}
@@ -559,15 +551,7 @@
} else {
if($field['formtype'] == 'PASSWORD') {
if($field['encryption'] == 'CRYPT') {
- $salt="$1$";
- $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
- for ($n=0;$n<8;$n++) {
- //$salt.=chr(mt_rand(64,126));
- $salt.=$base64_alphabet[mt_rand(0,63)];
- }
- $salt.="$";
- // $salt = substr(md5(time()),0,2);
- $record[$key] = crypt($record[$key],$salt);
+ $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
} else {
$record[$key] = md5($record[$key]);
}
@@ -693,14 +677,7 @@
$language = $app->db->quote($params["language"]);
$groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('$username','','$insert_id')", 'groupid');
$groups = $groupid;
-
- $salt="$1$";
- $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
- for ($n=0;$n<8;$n++) {
- $salt.=$base64_alphabet[mt_rand(0,63)];
- }
- $salt.="$";
- $password = crypt(stripslashes($password),$salt);
+ $password = $app->auth->crypt_password(stripslashes($password));
$sql1 = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)";
$app->db->query($sql1);
@@ -711,13 +688,7 @@
$username = $app->db->quote($params["username"]);
$clear_password = $app->db->quote($params["password"]);
$client_id = intval($client_id);
- $salt="$1$";
- $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
- for ($n=0;$n<8;$n++) {
- $salt.=$base64_alphabet[mt_rand(0,63)];
- }
- $salt.="$";
- $password = crypt(stripslashes($clear_password),$salt);
+ $password = $app->auth->crypt_password(stripslashes($clear_password));
if ($clear_password) $pwstring = ", passwort = '$password'"; else $pwstring ="" ;
$sql = "UPDATE sys_user set username = '$username' $pwstring WHERE client_id = $client_id";
$app->db->query($sql);
--
Gitblit v1.9.1