From a4e127a6af97041b2c067f888f8c73a8aec682f1 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Mon, 04 Jan 2016 05:29:53 -0500
Subject: [PATCH] Merge branch 'mergebranch' into 'master'

---
 interface/lib/classes/remote.d/client.inc.php |   11 ++++++-----
 1 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/interface/lib/classes/remote.d/client.inc.php b/interface/lib/classes/remote.d/client.inc.php
index cccc04f..8e1324e 100644
--- a/interface/lib/classes/remote.d/client.inc.php
+++ b/interface/lib/classes/remote.d/client.inc.php
@@ -526,22 +526,24 @@
 	 * @param int  client id
 	 * @param string new password
 	 * @return bool true if success
-	 * @author Julio Montoya <gugli100@gmail.com> BeezNest 2010
 	 *
 	 */
 	public function client_change_password($session_id, $client_id, $new_password) {
 		global $app;
 
+		$app->uses('auth');
+
 		if(!$this->checkPerm($session_id, 'client_change_password')) {
 			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
 			return false;
 		}
-		$client_id = $app->functions->intval($client_id);
+
 		$client = $app->db->queryOneRecord("SELECT client_id FROM client WHERE client_id = ?", $client_id);
 		if($client['client_id'] > 0) {
-			$sql = "UPDATE client SET password = md5(?) 	WHERE client_id = ?";
+			$new_password = $app->auth->crypt_password($new_password);
+			$sql = "UPDATE client SET password = ? 	WHERE client_id = ?";
 			$app->db->query($sql, $new_password, $client_id);
-			$sql = "UPDATE sys_user SET passwort = md5(?) 	WHERE client_id = ?";
+			$sql = "UPDATE sys_user SET passwort = ? 	WHERE client_id = ?";
 			$app->db->query($sql, $new_password, $client_id);
 			return true;
 		} else {
@@ -681,7 +683,6 @@
 		
 		return $returnval;
 	}
-
 }
 
 ?>

--
Gitblit v1.9.1