From e7663cef0f123d09d964b6d5177f8c0da081be1a Mon Sep 17 00:00:00 2001
From: mcramer <m.cramer@pixcept.de>
Date: Tue, 13 Nov 2012 07:34:55 -0500
Subject: [PATCH] Implemented: - added isset() checks to password encryption mode in remoting - if additional parameter "_ispconfig_pw_crypted" is set to "1" the password fields are not re-encrypted, this is useful when importing data from existing user-bases where no cleartext passwords are stored. Attention: crypted passwords need to have the same format or they won't work (i.e. CRYPT for CRYPT fields, PASSWORD() for mySQL fields)
---
interface/lib/classes/remoting_lib.inc.php | 16 ++++++++--------
1 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/interface/lib/classes/remoting_lib.inc.php b/interface/lib/classes/remoting_lib.inc.php
index 2bb1897..9726b75 100644
--- a/interface/lib/classes/remoting_lib.inc.php
+++ b/interface/lib/classes/remoting_lib.inc.php
@@ -672,13 +672,13 @@
if($action == "INSERT") {
if($field['formtype'] == 'PASSWORD') {
$sql_insert_key .= "`$key`, ";
- if($field['encryption'] == 'CRYPT') {
+ if ((isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') || (isset($record['_ispconfig_pw_crypted']) && $record['_ispconfig_pw_crypted'] == 1)) {
+ $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
+ } elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
- } elseif ($field['encryption'] == 'MYSQL') {
+ } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
$sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), ";
- } elseif ($field['encryption'] == 'CLEARTEXT') {
- $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} else {
$record[$key] = md5(stripslashes($record[$key]));
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
@@ -699,14 +699,14 @@
}
} else {
if($field['formtype'] == 'PASSWORD') {
- if(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
+ if ((isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') || (isset($record['_ispconfig_pw_crypted']) && $record['_ispconfig_pw_crypted'] == 1)) {
+ $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
+ } elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
$sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), ";
- } elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') {
- $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
- } else {
+ } else {
$record[$key] = md5(stripslashes($record[$key]));
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
}
--
Gitblit v1.9.1