From a4f0dbe5c499aa04ad13c2b45a53e05dafcf83dc Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Wed, 30 Mar 2016 09:07:19 -0400
Subject: [PATCH] Ported Merge Request !304 from master
---
interface/web/login/index.php | 20 ++++++--------------
1 files changed, 6 insertions(+), 14 deletions(-)
diff --git a/interface/web/login/index.php b/interface/web/login/index.php
index 4df3703..5339f04 100644
--- a/interface/web/login/index.php
+++ b/interface/web/login/index.php
@@ -157,9 +157,8 @@
$user = false;
if($mailuser) {
$saved_password = stripslashes($mailuser['password']);
- $salt = '$1$'.substr($saved_password, 3, 8).'$';
//* Check if mailuser password is correct
- if(crypt(stripslashes($password), $salt) == $saved_password) {
+ if(crypt(stripslashes($password), $saved_password) == $saved_password) {
//* we build a fake user here which has access to the mailuser module only and userid 0
$user = array();
$user['userid'] = 0;
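Review bot: The new check `crypt(stripslashes($password), $saved_password) == $saved_password` still compares hashes with loose `==`, which is neither type-strict nor constant-time. The same applies to the `!=` comparisons in the crypt and md5 branches of the second hunk, where two hex MD5 digests that both look like numeric strings can compare equal. I would write `if(hash_equals($saved_password, (string)crypt(stripslashes($password), $saved_password))) {` on PHP 5.6+, or at least use `===`/`!==` on older versions. Unlike the second hunk, this branch does not check that the stored value starts with `$` before passing it to crypt() as the salt, so an empty or malformed `$mailuser['password']` is left to crypt()'s version-dependent fallback; rejecting such values before the comparison would make that explicit. The enclosing block starts and ends outside the hunk.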
@@ -182,22 +181,15 @@
$user = $app->db->queryOneRecord($sql, $username);
if($user) {
$saved_password = stripslashes($user['passwort']);
- if(substr($saved_password, 0, 3) == '$1$') {
- //* The password is crypt-md5 encrypted
- $salt = '$1$'.substr($saved_password, 3, 8).'$';
- if(crypt(stripslashes($password), $salt) != $saved_password) {
- $user = false;
- }
- } elseif(substr($saved_password, 0, 3) == '$5$') {
- //* The password is crypt-sha256 encrypted
- $salt = '$5$'.substr($saved_password, 3, 16).'$';
- if(crypt(stripslashes($password), $salt) != $saved_password) {
+ if(substr($saved_password, 0, 1) == '$') {
+ //* The password is encrypted with crypt
+ if(crypt(stripslashes($password), $saved_password) != $saved_password) {
$user = false;
}
} else {
- //* The password is md5 encrypted
+ //* The password is md5 encrypted
if(md5($password) != $saved_password) {
- $user = false;
+ $user = false;
}
}
} else {
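Review bot: The legacy branch `md5($password) != $saved_password` hashes the raw `$password`, while the crypt branch just above it hashes `stripslashes($password)`, so the two paths disagree on passwords containing backslashes. Whichever form matches how the hashes were originally stored should be used consistently, or the difference documented in a comment. That branch also keeps accepting unsalted MD5 indefinitely. I cannot tell from the hunk whether the stored hash is upgraded elsewhere; if it is not, a comment such as `//* legacy unsalted md5 - rehash with crypt() after a successful login` together with the rehash would let these accounts age out. The enclosing `if($user)` block continues outside the hunk.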
--
Gitblit v1.9.1