wilde: server/kolab-webadmin/kolab-webadmin/www/admin/user user.php.in, 1.12, 1.13

cvs at kolab.org cvs at kolab.org
Wed Jan 10 17:00:00 CET 2007


Author: wilde

Update of /kolabrepository/server/kolab-webadmin/kolab-webadmin/www/admin/user
In directory doto:/tmp/cvs-serv5426/kolab-webadmin/kolab-webadmin/www/admin/user

Modified Files:
	user.php.in 
Log Message:
Create SSHA (instead of plain SHA1) password hashes.  (fixes kolab/issue1013)


Index: user.php.in
===================================================================
RCS file: /kolabrepository/server/kolab-webadmin/kolab-webadmin/www/admin/user/user.php.in,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- user.php.in	10 Jan 2007 10:34:24 -0000	1.12
+++ user.php.in	10 Jan 2007 15:59:58 -0000	1.13
@@ -11,6 +11,7 @@
 require_once('@kolab_php_module_prefix at admin/include/locale.php');
 require_once('@kolab_php_module_prefix at admin/include/authenticate.php');
 require_once('@kolab_php_module_prefix at admin/include/form.class.php');
+require_once('@kolab_php_module_prefix at admin/include/passwd.php');
 
 /**** Functions ***/
 function comment( $s ) {
@@ -491,8 +492,7 @@
        $ldap_object['cn'] = trim($_POST['givenname']).' '.$ldap_object['sn'];
 	   $ldap_object['givenName'] = trim($_POST['givenname']);
        if( !empty( $_POST['password_0'] ) ) {
-		 $ldap_object['userPassword'] = '{sha}'.base64_encode( pack('H*', 
-																	sha1( $_POST['password_0'])));
+	         $ldap_object['userPassword'] = ssha( $_POST['password_0'], gensalt());
 		 if( $action == 'save' && $auth->dn() == $dn ) {
 		   // We are editing our own password, let's update the session!
 		   $auth->setPassword($_POST['password_0']);





More information about the commits mailing list