From 56a3b2c38a4951fb3be2dc287715bf1d1d5e9222 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Mon, 04 Apr 2011 09:38:36 -0400
Subject: [PATCH] Fixed: FS#1570 - Password broken when client is updated with the remote api.

---
 interface/lib/classes/remoting_lib.inc.php |   26 +++++++++++++++++++++-----
 1 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/interface/lib/classes/remoting_lib.inc.php b/interface/lib/classes/remoting_lib.inc.php
index 8754760..1a62b23 100644
--- a/interface/lib/classes/remoting_lib.inc.php
+++ b/interface/lib/classes/remoting_lib.inc.php
@@ -661,11 +661,11 @@
 		}
 
 		function ispconfig_sysuser_add($params,$insert_id){
-			global $app,$sql1;
+			global $conf,$app,$sql1;
 			$username = $app->db->quote($params["username"]);
 			$password = $app->db->quote($params["password"]);
 			if(!isset($params['modules'])) {
-				$modules = 'dashboard,mail,sites,dns,tools';
+				$modules = $conf['interface_modules_enabled'];
 			} else {
 				$modules = $app->db->quote($params['modules']);
 			}
@@ -685,17 +685,33 @@
 			$language = $app->db->quote($params["language"]);
 			$groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('$username','','$insert_id')", 'groupid');
 			$groups = $groupid;
+			
+			$salt="$1$";
+			$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
+			for ($n=0;$n<8;$n++) {
+				$salt.=$base64_alphabet[mt_rand(0,63)];
+			}
+			$salt.="$";
+			$password = crypt(stripslashes($password),$salt);
 			$sql1 = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
-			VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)";
+			VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)";
 			$app->db->query($sql1);
 		}
 		
 		function ispconfig_sysuser_update($params,$client_id){
 			global $app;
 			$username = $app->db->quote($params["username"]);
-			$password = $app->db->quote($params["password"]);
+			$clear_password = $app->db->quote($params["password"]);
 			$client_id = intval($client_id);
-			$sql = "UPDATE sys_user set username = '$username', passwort = md5('$password') WHERE client_id = $client_id";
+			$salt="$1$";
+			$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
+			for ($n=0;$n<8;$n++) {
+				$salt.=$base64_alphabet[mt_rand(0,63)];
+			}
+			$salt.="$";
+			$password = crypt(stripslashes($clear_password),$salt);
+			if ($clear_password) $pwstring = ", passwort = '$password'"; else $pwstring ="" ;
+			$sql = "UPDATE sys_user set username = '$username' $pwstring WHERE client_id = $client_id";
 			$app->db->query($sql);
 		}
 		

--
Gitblit v1.9.1