crypt-md5 Passwort support

Croydon · Apr 15, 2008

As I changed one of my servers from confixx to ispconfig I needed to keep the
passwords of the confixx login-users.
As the sys_user table contains PASSWORD() or MD5() passwords I had to change
the login script to support crypt-md5 passwords, too.

Maybe this could be included in one of the next releases so I don't fall into problems when updating ispconfig?

/home/admispconfig/ispconfig/web/login/login.php

PHP:

$tmp = $db->queryOneRecord("SELECT `passwort` FROM `sys_user` WHERE `username` = '".$username."'"); $tmpcryptpw = crypt($passwort, substr($tmp["passwort"], 0, 12)); $laston = date("y-m-d H:i:s"); //$conn = mysql_query("SELECT * FROM sys_user where username = '$username'"); $sql = "SELECT * FROM sys_user WHERE username = '".$username."' AND (passwort = '".md5($passwort)."' OR passwort = PASSWORD('".$passwort."') OR passwort = '".$tmpcryptpw."')"; //die($sql); if ($passwort != "" && $row = $db->queryOneRecord($sql)){

/home/admispconfig/ispconfig/lib/classes/ispconfig_auth.lib.php

PHP:

/* Check nach login PUT Variablen*/ if (($username != "") && ($passwort != "")) { $username = addslashes($username); $passwort = addslashes($passwort); $tmp = $go_api->db->queryOneRecord("SELECT `passwort` FROM `sys_user` WHERE `username` = '$username'"); $tmpcryptpw = crypt($passwort, substr($tmp["passwort"], 0, 12)); if ($row = $go_api->db->queryOneRecord("SELECT username,doc_id FROM sys_user WHERE username = '$username' AND (passwort = PASSWORD('$passwort') OR passwort = '".md5($passwort)."' OR passwort = '".$tmpcryptpw."')")) { if($row["username"] == $username)

I don't know if this leads to problems with ispconfig but I hope it doesn't...?

Thanks
Marius

till · Apr 16, 2008

I've added this as feature request to the bugtracker.

jbravo · Apr 16, 2008

Doesn't ISPConfig support crypt-md5 passwords out of the box? Or we talk about different things
Code:
grep md5 /home/admispconfig/ispconfig/lib/config.inc.php
$go_info["server"]["password_hash"] = 'md5'; // 'crypt' = crypt; 'md5' = crypt-md5

till · Apr 16, 2008

ISPConfig supports crypt-md5 out of the box for Linux system users (mail and FTP) in /etc/password. The above patch is something different, it enables crypt-md5 support for the ISPConfig client login, which is stored in the sys_user table in the ISPConfigMySQL database. By default, ISPConfig uses md5 hashes in sys_user table.

Log in or Sign up

crypt-md5 Passwort support

Croydon ISPConfig Developer ISPConfig Developer

till Super Moderator Staff Member ISPConfig Developer

jbravo Member

till Super Moderator Staff Member ISPConfig Developer

Share This Page

Log in or Sign up

crypt-md5 Passwort support

Croydon ISPConfig Developer ISPConfig Developer

till Super Moderator Staff Member ISPConfig Developer

jbravo Member

till Super Moderator Staff Member ISPConfig Developer

Share This Page

Useful Searches