functions.inc.php:
- pacrypt(): no longer escape_string() the result. This fixes https://sourceforge.net/tracker/index.php?func=detail&aid=3094804&group_id=191583&atid=937964 create-mailbox.php, password.php: - escape_string() the pacrypt() result login.php: - simplify code to require one query less (this also removes the need to escape_string() the password) I also checked the other files using pacrypt() - they don't need escaping or already do it. git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1397 a1433add-5e2c-0410-b055-b7f2511e0802
@@ -139,7 +139,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
$tQuota = $fQuota;
|
||||
$tDomain = $fDomain;
|
||||
} else {
|
||||
$password = pacrypt ($fPassword);
|
||||
$password = escape_string(pacrypt ($fPassword));
|
||||
|
||||
if($CONF['maildir_name_hook'] != 'NO' && function_exists($CONF['maildir_name_hook'])) {
|
||||
$hook_func = $CONF['maildir_name_hook'];
|
||||
|
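Review bot: The escaping added in `$password = escape_string(pacrypt ($fPassword));` sits apart from the query that consumes it, which lies outside this hunk, so nothing at the call site explains why it is needed now that pacrypt() returns the raw hash. A comment such as `# pacrypt() returns the unescaped hash; escape here because $password is interpolated into SQL below` would keep a later edit from dropping it. The same applies to the identical line in the `@@ -79,7 +79,7 @@` hunk, where `$password` goes straight into the UPDATE statement. If the database layer supports or later gains bound parameters, passing the hash that way would remove the reliance on every pacrypt() caller remembering to escape.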
@@ -1184,7 +1184,6 @@ function pacrypt ($pw, $pw_db="") {
|
||||
die ('unknown/invalid $CONF["encrypt"] setting: ' . $CONF['encrypt']);
|
||||
}
|
||||
|
||||
$password = escape_string ($password); # TODO: disable escaping - https://sourceforge.net/tracker/?func=detail&aid=3301752&group_id=191583&atid=937964
|
||||
return $password;
|
||||
}
|
||||
|
||||
|
@@ -48,14 +48,13 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
# (language preference cookie is processed even if username and/or password are invalid)
|
||||
}
|
||||
|
||||
# TODO: move to AdminHandler->login
|
||||
$result = db_query ("SELECT password FROM $table_admin WHERE username='$fUsername' AND active='1'");
|
||||
if ($result['rows'] == 1)
|
||||
{
|
||||
$row = db_array ($result['result']);
|
||||
$password = pacrypt ($fPassword, $row['password']);
|
||||
$result = db_query ("SELECT * FROM $table_admin WHERE username='$fUsername' AND password='$password' AND active='1'");
|
||||
if ($result['rows'] != 1)
|
||||
{
|
||||
$crypt_password = pacrypt ($fPassword, $row['password']);
|
||||
if ($row['password'] != $crypt_password) {
|
||||
$error = 1;
|
||||
flash_error($PALANG['pLogin_failed']);
|
||||
}
|
||||
|
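Review bot: The new check `if ($row['password'] != $crypt_password) {` uses a loose comparison on password hashes; PHP compares two numeric-looking strings numerically under `!=`, so two different hashes could compare as equal if the configured scheme yields plain hex output. Use `!==` at minimum, or `if (!hash_equals($row['password'], $crypt_password)) {` where the PHP version provides it, which also avoids a timing difference. `$fUsername` is still interpolated into the SELECT above; its escaping is not visible in this hunk and should be confirmed. The enclosing `if ($result['rows'] == 1)` block continues past the hunk, so whether a zero-row result also sets `$error` cannot be checked here.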
@@ -56,7 +56,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
if ($result['rows'] == 1)
|
||||
{
|
||||
$row = db_array ($result['result']);
|
||||
$checked_password = pacrypt ($fPassword_current, $row['password']);
|
||||
$checked_password = escape_string(pacrypt ($fPassword_current, $row['password']));
|
||||
|
||||
$result = db_query ("SELECT * FROM $table_admin WHERE username='$username' AND password='$checked_password'");
|
||||
if ($result['rows'] != 1)
|
||||
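Review bot: `$checked_password` is still verified by a second query, `SELECT * ... AND password='$checked_password'`, which is the pattern the commit description says was removed from login.php. Since `$row['password']` is already loaded just above, the check can be done in PHP with `if ($row['password'] !== $checked_password)`, which drops the query and the need for escape_string() on the hash. `$username` is interpolated into the same query and its escaping is outside the hunk, so it should be confirmed. The body of `if ($result['rows'] != 1)` continues past the last visible line.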
@@ -79,7 +79,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
|
||||
if ($error != 1)
|
||||
{
|
||||
$password = pacrypt ($fPassword);
|
||||
$password = escape_string(pacrypt ($fPassword));
|
||||
$result = db_query ("UPDATE $table_admin SET password='$password',modified=NOW() WHERE username='$username'");
|
||||
if ($result['rows'] == 1)
|
||||
{
|
||||
|