fix for bug #1482
This commit is contained in:
Andreas Grundler
@@ -372,7 +372,7 @@ if ($page == 'admins'
|
|||||||
|
|
||||||
$ins_data = array(
|
$ins_data = array(
|
||||||
'loginname' => $loginname,
|
'loginname' => $loginname,
|
||||||
'password' => md5($password),
|
'password' => makeCryptPassword($password),
|
||||||
'name' => $name,
|
'name' => $name,
|
||||||
'email' => $email,
|
'email' => $email,
|
||||||
'lang' => $def_language,
|
'lang' => $def_language,
|
||||||
@@ -637,7 +637,7 @@ if ($page == 'admins'
|
|||||||
} else {
|
} else {
|
||||||
if ($password != '') {
|
if ($password != '') {
|
||||||
$password = validatePassword($password);
|
$password = validatePassword($password);
|
||||||
$password = md5($password);
|
$password = makeCryptPassword($password);
|
||||||
} else {
|
} else {
|
||||||
$password = $result['password'];
|
$password = $result['password'];
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -645,7 +645,7 @@ if ($page == 'customers'
|
|||||||
$ins_data = array(
|
$ins_data = array(
|
||||||
'adminid' => $userinfo['adminid'],
|
'adminid' => $userinfo['adminid'],
|
||||||
'loginname' => $loginname,
|
'loginname' => $loginname,
|
||||||
'passwd' => md5($password),
|
'passwd' => makeCryptPassword($password),
|
||||||
'name' => $name,
|
'name' => $name,
|
||||||
'firstname' => $firstname,
|
'firstname' => $firstname,
|
||||||
'gender' => $gender,
|
'gender' => $gender,
|
||||||
@@ -1215,7 +1215,7 @@ if ($page == 'customers'
|
|||||||
|
|
||||||
if ($password != '') {
|
if ($password != '') {
|
||||||
$password = validatePassword($password);
|
$password = validatePassword($password);
|
||||||
$password = md5($password);
|
$password = makeCryptPassword($password);
|
||||||
} else {
|
} else {
|
||||||
$password = $result['password'];
|
$password = $result['password'];
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -199,7 +199,7 @@ if ($page == 'overview') {
|
|||||||
) {
|
) {
|
||||||
$old_password = validate($_POST['old_password'], 'old password');
|
$old_password = validate($_POST['old_password'], 'old password');
|
||||||
|
|
||||||
if (md5($old_password) != $userinfo['password']) {
|
if (!validatePasswordLogin($userinfo,$old_password,TABLE_PANEL_ADMINS,'adminid')) {
|
||||||
standard_error('oldpasswordnotcorrect');
|
standard_error('oldpasswordnotcorrect');
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
@@ -219,13 +219,11 @@ if ($page == 'overview') {
|
|||||||
$chgpwd_stmt = Database::prepare("
|
$chgpwd_stmt = Database::prepare("
|
||||||
UPDATE `" . TABLE_PANEL_ADMINS . "`
|
UPDATE `" . TABLE_PANEL_ADMINS . "`
|
||||||
SET `password`= :newpasswd
|
SET `password`= :newpasswd
|
||||||
WHERE `adminid`= :adminid
|
WHERE `adminid`= :adminid"
|
||||||
AND `password`= :oldpasswd"
|
|
||||||
);
|
);
|
||||||
Database::pexecute($chgpwd_stmt, array(
|
Database::pexecute($chgpwd_stmt, array(
|
||||||
'newpasswd' => md5($new_password),
|
'newpasswd' => makeCryptPassword($new_password),
|
||||||
'adminid' => (int)$userinfo['adminid'],
|
'adminid' => (int)$userinfo['adminid']
|
||||||
'oldpasswd' => md5($old_password)
|
|
||||||
));
|
));
|
||||||
$log->logAction(ADM_ACTION, LOG_NOTICE, 'changed password');
|
$log->logAction(ADM_ACTION, LOG_NOTICE, 'changed password');
|
||||||
redirectTo($filename, Array('s' => $s));
|
redirectTo($filename, Array('s' => $s));
|
||||||
|
|||||||
@@ -99,7 +99,7 @@ if ($page == 'overview') {
|
|||||||
} elseif ($page == 'change_password') {
|
} elseif ($page == 'change_password') {
|
||||||
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
if (isset($_POST['send']) && $_POST['send'] == 'send') {
|
||||||
$old_password = validate($_POST['old_password'], 'old password');
|
$old_password = validate($_POST['old_password'], 'old password');
|
||||||
if (md5($old_password) != $userinfo['password']) {
|
if (!validatePasswordLogin($userinfo,$old_password,TABLE_PANEL_CUSTOMERS,'customerid')) {
|
||||||
standard_error('oldpasswordnotcorrect');
|
standard_error('oldpasswordnotcorrect');
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
@@ -119,13 +119,11 @@ if ($page == 'overview') {
|
|||||||
// Update user password
|
// Update user password
|
||||||
$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
|
$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
|
||||||
SET `password` = :newpassword
|
SET `password` = :newpassword
|
||||||
WHERE `customerid` = :customerid
|
WHERE `customerid` = :customerid"
|
||||||
AND `password` = :oldpassword"
|
|
||||||
);
|
);
|
||||||
$params = array(
|
$params = array(
|
||||||
"newpassword" => md5($new_password),
|
"newpassword" => makeCryptPassword($new_password),
|
||||||
"customerid" => $userinfo['customerid'],
|
"customerid" => $userinfo['customerid']
|
||||||
"oldpassword" => md5($old_password)
|
|
||||||
);
|
);
|
||||||
Database::pexecute($stmt, $params);
|
Database::pexecute($stmt, $params);
|
||||||
$log->logAction(USR_ACTION, LOG_NOTICE, 'changed password');
|
$log->logAction(USR_ACTION, LOG_NOTICE, 'changed password');
|
||||||
|
|||||||
Reference in New Issue
Block a user