Changeset 7732
- Timestamp:
- 05/15/09 13:46:04 (3 years ago)
- Files:
-
- modules/branches/2.6/core/functions.inc.php (modified) (1 diff)
- modules/branches/2.6/core/page.ampusers.php (modified) (6 diffs)
modules/branches/2.6/core/functions.inc.php
r7682 r7732 2504 2504 2505 2505 function core_ampusers_add($username, $password, $extension_low, $extension_high, $deptname, $sections) { 2506 $sql = "INSERT INTO ampusers (username, password , extension_low, extension_high, deptname, sections) VALUES (";2506 $sql = "INSERT INTO ampusers (username, password_sha256, extension_low, extension_high, deptname, sections) VALUES ("; 2507 2507 $sql .= "'".$username."',"; 2508 $sql .= "'".$password."',"; 2508 if (strlen($password) == 64) { 2509 // It's already a hash 2510 $sql .= "'".$password."'"; 2511 } else { 2512 // Hash it. 2513 $sql .= "'".hash("sha256", $password)."',"; 2514 } 2509 2515 $sql .= "'".$extension_low."',"; 2510 2516 $sql .= "'".$extension_high."',"; modules/branches/2.6/core/page.ampusers.php
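Review bot: In `core_ampusers_add`, the new "already a hash" branch appends `"'".$password."'"` without the trailing comma that the else branch has, so the VALUES list is malformed whenever a 64-character value is passed; it should read `$sql .= "'".$password."',";`. The `strlen($password) == 64` test also treats any 64-character string as a digest, so a 64-character plaintext password would be stored unhashed. Adding `ctype_xdigit($password)` to the condition would narrow that, though an explicit "already hashed" argument from the caller would be cleaner. Both branches still concatenate caller-supplied values into the statement, with no escaping visible in the hunk. `hash("sha256", ...)` is unsalted and fast, which leaves the stored values cheap to attack offline if the table is ever disclosed. The function body continues outside the hunk.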
r7630 r7732 23 23 $tech = isset($_REQUEST['tech'])?$_REQUEST['tech']:''; 24 24 25 $tabindex = 0; 25 26 // populate some global variables from the request string 26 27 $set_globals = array("username","password","extension_high","extension_low","deptname"); … … 30 31 } 31 32 } 33 $form_password_sha256 = stripslashes(isset($_REQUEST['password_sha256'])?$_REQUEST['password_sha256']:''); 32 34 33 35 //Search ALL active modules while generating admin access list … … 84 86 break; 85 87 case "editampuser": 86 core_ampusers_del($userdisplay); 87 core_ampusers_add($username, $password, $extension_low, $extension_high, $deptname, $sections); 88 // Check to make sure the hidden var is sane, and that they haven't change the password field 89 if (strlen($form_password_sha256)==64 && $password == "******") { 90 // Password unchanged 91 core_ampusers_del($userdisplay); 92 core_ampusers_add($username, $form_password_sha256, $extension_low, $extension_high, $deptname, $sections); 93 } elseif ($password != "******") { 94 // Password has been changed 95 core_ampusers_del($userdisplay); 96 core_ampusers_add($username, $password, $extension_low, $extension_high, $deptname, $sections); 97 } 88 98 //indicate 'need reload' link in footer.php 89 99 needreload(); … … 126 136 127 137 $username = $user["username"]; 128 $password = $user["password"]; 138 $password = "******"; 139 $password_sha256 = $user["password_sha256"]; 129 140 $extension_high = $user["extension_high"]; 130 141 $extension_low = $user["extension_low"]; … … 159 170 <input type="hidden" name="action" value=""/> 160 171 <input type="hidden" name="tech" value="<?php echo $tech?>"/> 172 <input type="hidden" name="password_sha256" value="<?php echo $password_sha256 ?>"/> 161 173 <table> 162 174 <tr> … … 183 195 <a href=# class="info"><?php echo _("Password<span>Create a password for this new user</span>")?></a>: 184 196 </td><td> 185 <input type="password" size="20" name="password" value="<? 
php echo $password;?>" tabindex="<?php echo ++$tabindex;?>"/>197 <input type="password" size="20" name="password" value="<? echo $password; ?>" tabindex="<?php echo ++$tabindex;?>"/> 186 198 </td> 187 199 </tr>
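Review bot: The `editampuser` path now sends the stored digest to the browser in the hidden `password_sha256` field and writes back whatever 64-character value arrives in `$_REQUEST['password_sha256']`. That exposes the hash in page source and makes the stored credential client-controlled. When `$password == "******"`, the handler should reuse the existing hash from the database row for `$userdisplay` on the server side, and the hidden input should be dropped. If the field stays, its echo needs HTML escaping, e.g. `<?php echo htmlspecialchars($password_sha256, ENT_QUOTES) ?>`. The rewritten password input also appears to switch from `<?php echo` to the short tag `<? echo`, which only works when `short_open_tag` is enabled. The switch statement and the form continue outside the visible hunks.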
