From aad102f73868ea83357856c3afe57617f411c83a Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Tue, 19 Jul 2016 14:29:38 -0400
Subject: [PATCH] Fixed #4033 Special characters in email mailbox password
---
 interface/lib/classes/auth.inc.php | 5 ++++-
 interface/web/mail/form/mail_user.tform.php | 2 +-
 interface/lib/classes/tform_base.inc.php | 11 +++++++++++
 interface/web/mail/mail_user_edit.php | 1 -
 4 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/interface/lib/classes/auth.inc.php b/interface/lib/classes/auth.inc.php
index 4c97757..9c52f50 100644
--- a/interface/lib/classes/auth.inc.php
+++ b/interface/lib/classes/auth.inc.php
@@ -213,7 +213,10 @@
 return str_shuffle($password);
 }
- public function crypt_password($cleartext_password) {
+ public function crypt_password($cleartext_password, $charset = 'UTF-8') {
+ if($charset != 'UTF-8') {
+ $cleartext_password = mb_convert_encoding($cleartext_password, $charset, 'UTF-8');
+ }
 $salt="$1$";
 $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
 for ($n=0;$n<8;$n++) {
diff --git a/interface/lib/classes/tform_base.inc.php b/interface/lib/classes/tform_base.inc.php
index 1c5c6e0..f5e1793 100644
--- a/interface/lib/classes/tform_base.inc.php
+++ b/interface/lib/classes/tform_base.inc.php
@@ -901,6 +901,9 @@
 case 'IDNTOUTF8':
 $returnval = $app->functions->idn_decode($returnval);
 break;
+ case 'TOLATIN1':
+ $returnval = mb_convert_encoding($returnval, 'ISO-8859-1', 'UTF-8');
+ break;
 case 'TRIM':
 $returnval = trim($returnval);
 break;
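Review bot: In `crypt_password` (auth.inc.php), `mb_convert_encoding($cleartext_password, $charset, 'UTF-8')` is lossy: every character the target charset cannot represent is replaced with the mbstring substitute character (`?` by default), so a password made of characters outside ISO-8859-1 is hashed as a run of `?` and distinct passwords can end up with the same hash. The `TOLATIN1` filter added in the tform_base.inc.php hunk at `@@ -901` has the same silent substitution. A round-trip comparison before hashing, such as `if(mb_convert_encoding($converted, 'UTF-8', $charset) !== $cleartext_password)`, would let the form layer reject such a password with a validation error instead of storing a weakened hash. The body of `crypt_password` continues outside the hunk.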
@@ -1263,6 +1266,10 @@
 } elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
 $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
 $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
+ } elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPTMAIL') {
+ // The password for the mail system needs to be converted to latin1 before it is hashed.
+ $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]),'ISO-8859-1');
+ $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
 } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
 $tmp = $app->db->queryOneRecord("SELECT PASSWORD(?) as `crypted`", stripslashes($record[$key]));
 $record[$key] = $tmp['crypted'];
@@ -1291,6 +1298,10 @@
 } elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
 $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
 $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
+ } elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPTMAIL') {
+ // The password for the mail system needs to be converted to latin1 before it is hashed.
+ $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]),'ISO-8859-1');
+ $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
 } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
 $tmp = $app->db->queryOneRecord("SELECT PASSWORD(?) as `crypted`", stripslashes($record[$key]));
 $record[$key] = $tmp['crypted'];
diff --git a/interface/web/mail/form/mail_user.tform.php b/interface/web/mail/form/mail_user.tform.php
index 9b4ff8f..8a19e66 100644
--- a/interface/web/mail/form/mail_user.tform.php
+++ b/interface/web/mail/form/mail_user.tform.php
@@ -128,7 +128,7 @@
 'errmsg' => 'weak_password_txt'
 )
 ),
- 'encryption'=> 'CRYPT',
+ 'encryption'=> 'CRYPTMAIL',
 'default' => '',
 'value' => '',
 'width' => '30',
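Review bot: The new `CRYPTMAIL` branch in tform_base.inc.php (insert path, `@@ -1263`) runs the password through `stripslashes()` before hashing, which removes backslashes from what the user typed unless the value was slash-escaped upstream, which is not visible in this hunk; if it was not, the stored hash would not match the password the mail client later sends. The update path at `@@ -1291` carries the same line. Both branches are copies of the `CRYPT` branch that differ only in the charset argument, so they could be folded into it with `$charset = ($field['encryption'] == 'CRYPTMAIL') ? 'ISO-8859-1' : 'UTF-8';` to keep the two paths from drifting apart. The added comment would be more useful if it named which mail component expects ISO-8859-1 bytes. The enclosing method starts and ends outside both hunks.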
diff --git a/interface/web/mail/mail_user_edit.php b/interface/web/mail/mail_user_edit.php index aedcd22..a79d8f8 100644 --- a/interface/web/mail/mail_user_edit.php +++ b/interface/web/mail/mail_user_edit.php @@ -143,7 +143,6 @@ if($domain["domain"] != $app->functions->idn_encode($_POST["email_domain"])) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm"); } - //* if its an insert, check that the password is not empty if($this->id == 0 && $_POST["password"] == '') { $app->tform->errorMessage .= $app->tform->lng("error_no_pwd")."<br>"; -- Gitblit v1.9.1