From e1ceb050e19c7574bca146a8da7047ee4ff456b5 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Sun, 10 Jul 2016 05:02:35 -0400
Subject: [PATCH] Merge branch 'stable-3.1'

---
 interface/web/login/index.php |   43 +++++++++++++++++++++++--------------------
 1 files changed, 23 insertions(+), 20 deletions(-)

diff --git a/interface/web/login/index.php b/interface/web/login/index.php
index 6dd838a..2ecf4ac 100644
--- a/interface/web/login/index.php
+++ b/interface/web/login/index.php
@@ -60,7 +60,7 @@
 
 	//** Check variables
 	if(!preg_match("/^[\w\.\-\_\@]{1,128}$/", $_POST['username'])) $error = $app->lng('user_regex_error');
-	if(!preg_match("/^.{1,64}$/i", $_POST['password'])) $error = $app->lng('pw_error_length');
+	if(!preg_match("/^.{1,256}$/i", $_POST['password'])) $error = $app->lng('pw_error_length');
 
 	//** importing variables
 	$ip    = ip2long($_SERVER['REMOTE_ADDR']);
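Review bot: The length check on `$_POST['password']` is done with `preg_match("/^.{1,256}$/i", ...)`, which counts bytes (no `u` modifier), rejects any password containing a newline with a misleading length error, and carries an `i` flag that has no effect on `.`. It also assumes the field is a string; an array-valued `password` parameter reaches `preg_match()` unchecked. A plain type and length test states the intent directly: `if(!is_string($_POST['password']) || strlen($_POST['password']) < 1 || strlen($_POST['password']) > 256) $error = $app->lng('pw_error_length');`. The enclosing block starts and ends outside the hunk.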
@@ -157,9 +157,8 @@
 					$user = false;
 					if($mailuser) {
 						$saved_password = stripslashes($mailuser['password']);
-						$salt = '$1$'.substr($saved_password, 3, 8).'$';
 						//* Check if mailuser password is correct
-						if(crypt(stripslashes($password), $salt) == $saved_password) {
+						if(crypt(stripslashes($password), $saved_password) == $saved_password) {
 							//* we build a fake user here which has access to the mailuser module only and userid 0
 							$user = array();
 							$user['userid'] = 0;
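Review bot: The password check `crypt(stripslashes($password), $saved_password) == $saved_password` compares hashes with PHP's loose, non-constant-time `==`; the same applies to the `!=` form in the sys_user branch of the next hunk. Passing the stored hash as the crypt setting is the right simplification, but the result should be compared with `hash_equals($saved_password, crypt(stripslashes($password), $saved_password))`, negated in the second place. `hash_equals()` needs PHP 5.6 or later, so if older runtimes are still supported a small constant-time helper would have to stand in. The enclosing block starts and ends outside the hunk.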
@@ -182,22 +181,15 @@
 					$user = $app->db->queryOneRecord($sql, $username);
 					if($user) {
 						$saved_password = stripslashes($user['passwort']);
-						if(substr($saved_password, 0, 3) == '$1$') {
-							//* The password is crypt-md5 encrypted
-							$salt = '$1$'.substr($saved_password, 3, 8).'$';
-								if(crypt(stripslashes($password), $salt) != $saved_password) {
-								$user = false;
-							}
-						} elseif(substr($saved_password, 0, 3) == '$5$') {
-							//* The password is crypt-sha256 encrypted
-							$salt = '$5$'.substr($saved_password, 3, 16).'$';
-								if(crypt(stripslashes($password), $salt) != $saved_password) {
+						if(substr($saved_password, 0, 1) == '$') {
+							//* The password is encrypted with crypt
+							if(crypt(stripslashes($password), $saved_password) != $saved_password) {
 								$user = false;
 							}
 						} else {
-								//* The password is md5 encrypted
+							//* The password is md5 encrypted
 							if(md5($password) != $saved_password) {
-									$user = false;
+								$user = false;
 							}
 						}
 					} else {
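Review bot: The fallback branch still treats every stored value that does not begin with `$` as an unsalted MD5 digest and checks it with `md5($password) != $saved_password`. Loose comparison evaluates numeric-looking strings as numbers, so two different digests that both look like exponent notation compare equal; `if(!hash_equals($saved_password, md5($password)))`, or at minimum `!==`, closes that. It would also be worth re-hashing with `crypt()` after a successful login so that legacy MD5 rows are phased out, and the comment would read more accurately as `//* The password is a legacy unsalted md5 hash`. The enclosing block starts and ends outside the hunk.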
@@ -217,16 +209,18 @@
 						$user = $app->db->toLower($user);
 						
 						if ($loginAs) $oldSession = $_SESSION['s'];
-						if (!$loginAs) session_regenerate_id(true);
+						// Session regenerate causes login problems on some systems, have to find a better way. see Issue #3827
+						//if (!$loginAs) session_regenerate_id(true);
 						$_SESSION = array();
 						if ($loginAs) $_SESSION['s_old'] = $oldSession; // keep the way back!
 						$_SESSION['s']['user'] = $user;
 						$_SESSION['s']['user']['theme'] = isset($user['app_theme']) ? $user['app_theme'] : 'default';
 						$_SESSION['s']['language'] = $user['language'];
 						$_SESSION["s"]['theme'] = $_SESSION['s']['user']['theme'];
+						if ($loginAs) $_SESSION['s']['plugin_cache'] = $_SESSION['s_old']['plugin_cache'];
 						
-						if(is_file($_SESSION['s']['user']['startmodule'].'/lib/module.conf.php')) {
-							include_once $_SESSION['s']['user']['startmodule'].'/lib/module.conf.php';
+						if(is_file(ISPC_WEB_PATH . '/' . $_SESSION['s']['user']['startmodule'].'/lib/module.conf.php')) {
+							include_once ISPC_WEB_PATH . '/' . $_SESSION['s']['user']['startmodule'].'/lib/module.conf.php';
 							$menu_dir = ISPC_WEB_PATH.'/' . $_SESSION['s']['user']['startmodule'] . '/lib/menu.d';
 								if (is_dir($menu_dir)) {
 								if ($dh = opendir($menu_dir)) {
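Review bot: Commenting out `session_regenerate_id(true)` means the session id issued before authentication stays in use afterwards, which is the condition session fixation depends on; `$_SESSION = array()` clears the data but does not rotate the id. If the login problems in Issue #3827 came from deleting the old session, which is not visible here, `if (!$loginAs) session_regenerate_id(false);` may keep the rotation without that side effect. Otherwise the comment should record the exposure explicitly, e.g. `// SECURITY: session id is not rotated on login (session fixation risk) until Issue #3827 is resolved`. The enclosing block starts and ends outside the hunk.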
@@ -268,7 +262,7 @@
 							echo 'LOGIN_REDIRECT:'.$_SESSION['s']['module']['startpage'];
 							exit;
 						} else {
-							header('Location: /index.php?phpsessid='.session_id());
+							header('Location: ../index.php');
 							die();
 						}
 					}
@@ -312,6 +306,7 @@
 }
 
 $app->load('getconf');
+$sys_config = $app->getconf->get_global_config('misc');
 
 $security_config = $app->getconf->get_security_config('permissions');
 if($security_config['password_reset_allowed'] == 'yes') {
@@ -348,7 +343,15 @@
 $app->tpl->setVar('base64_logo_txt', $base64_logo_txt);
 
 // Title
-$app->tpl->setVar('company_name', $sys_config['company_name']. ' :: ');
+if (!empty($sys_config['company_name'])) {
+	$app->tpl->setVar('company_name', $sys_config['company_name']. ' :: ');
+}
+
+// Custom Login
+if ($sys_config['custom_login_text'] != '') {
+	 $custom_login = @($sys_config['custom_login_link'] != '')?'<a href="'.$sys_config['custom_login_link'].'" target="_blank">'.$sys_config['custom_login_text'].'</a>':$sys_config['custom_login_text'];
+}
+$app->tpl->setVar('custom_login', $custom_login);
 
 $app->tpl_defaults();
 
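Review bot: The custom login block concatenates `$sys_config['custom_login_link']` into an `href` attribute and `$sys_config['custom_login_text']` into the page without escaping, and `$custom_login` is undefined at the `setVar()` call whenever the text is empty. The values come from the global config, so this is admin-controlled input, but a quote or angle bracket in either field still breaks the markup, and whether the template layer escapes `custom_login` is not visible here. The `@` only hides the missing-key notice, and `target="_blank"` is set without `rel="noopener noreferrer"`. Escaping does not restrict the URL scheme, so the link field should also be validated where it is saved; if HTML in the text field is intended, that should be stated in a comment instead.

```php
// Custom Login
$custom_login = '';
if (!empty($sys_config['custom_login_text'])) {
	$custom_login = htmlspecialchars($sys_config['custom_login_text'], ENT_QUOTES, 'UTF-8');
	if (!empty($sys_config['custom_login_link'])) {
		$custom_login = '<a href="' . htmlspecialchars($sys_config['custom_login_link'], ENT_QUOTES, 'UTF-8')
			. '" target="_blank" rel="noopener noreferrer">' . $custom_login . '</a>';
	}
}
$app->tpl->setVar('custom_login', $custom_login);
```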

--
Gitblit v1.9.1