From 1ca823723668e01b1b998faec5f8d8153545cfa8 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Mon, 04 Apr 2011 08:22:29 -0400
Subject: [PATCH] Merged revisions 2181-2262 from stable branch.

---
 interface/lib/classes/remoting_lib.inc.php |   23 +++++++++++++++++++----
 1 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/interface/lib/classes/remoting_lib.inc.php b/interface/lib/classes/remoting_lib.inc.php
index 8754760..57ff998 100644
--- a/interface/lib/classes/remoting_lib.inc.php
+++ b/interface/lib/classes/remoting_lib.inc.php
@@ -661,11 +661,11 @@
 		}
 
 		function ispconfig_sysuser_add($params,$insert_id){
-			global $app,$sql1;
+			global $conf,$app,$sql1;
 			$username = $app->db->quote($params["username"]);
 			$password = $app->db->quote($params["password"]);
 			if(!isset($params['modules'])) {
-				$modules = 'dashboard,mail,sites,dns,tools';
+				$modules = $conf['interface_modules_enabled'];
 			} else {
 				$modules = $app->db->quote($params['modules']);
 			}
@@ -685,8 +685,16 @@
 			$language = $app->db->quote($params["language"]);
 			$groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('$username','','$insert_id')", 'groupid');
 			$groups = $groupid;
+			
+			$salt="$1$";
+			$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
+			for ($n=0;$n<8;$n++) {
+				$salt.=$base64_alphabet[mt_rand(0,63)];
+			}
+			$salt.="$";
+			$password = crypt(stripslashes($password),$salt);
 			$sql1 = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
-			VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)";
+			VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)";
 			$app->db->query($sql1);
 		}
 		
@@ -695,7 +703,14 @@
 			$username = $app->db->quote($params["username"]);
 			$password = $app->db->quote($params["password"]);
 			$client_id = intval($client_id);
-			$sql = "UPDATE sys_user set username = '$username', passwort = md5('$password') WHERE client_id = $client_id";
+			$salt="$1$";
+			$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
+			for ($n=0;$n<8;$n++) {
+				$salt.=$base64_alphabet[mt_rand(0,63)];
+			}
+			$salt.="$";
+			$password = crypt(stripslashes($password),$salt);
+			$sql = "UPDATE sys_user set username = '$username', passwort = '$password' WHERE client_id = $client_id";
 			$app->db->query($sql);
 		}
 		

--
Gitblit v1.9.1