Hi, I found the following code in lib/classes/ispconfig_isp_web.lib.php (around line 314): Code: if(substr($web["optionen_mysql_passwort"],0,5) != "||||:" and $web["optionen_mysql_passwort"] != "") { $go_api->db->query("UPDATE isp_isp_web SET optionen_mysql_passwort = concat('||||:' , password([b]optionen_mysql_passwort[/b])) where doc_id = '$doc_id'"); } Now I think that optionen_mysql_passwort (written bold) is wrong. It should be $web["optionen_mysql_passwort"], right? I did not test what that code actually does. I just saw that line and thought there is an error. Bernhard
Hi Bernhard, thank you for reviewing the code! The snippet above is correct. The if statement checks if "||||:" is not at the beginning of the password string and then it encrypts the content of the table column "optionen_mysql_passwort" with the mysql password command and adds "||||:" at the beginning. Till
