From f30527f19c6d17edb3f2dc0723c295c678118e0f Mon Sep 17 00:00:00 2001 From: kkalev Date: Wed, 26 Jun 2002 00:36:41 +0000 Subject: [PATCH] Pass the whole password as salt in da_encrypt() in password_check.php3 --- dialup_admin/Changelog | 1 + dialup_admin/lib/sql/password_check.php3 | 3 +-- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dialup_admin/Changelog b/dialup_admin/Changelog index 6274fd2..9d5ab64 100644 --- a/dialup_admin/Changelog +++ b/dialup_admin/Changelog @@ -11,6 +11,7 @@ Ver 1.30: * Make lib/ldap/password_check.php3 behave properly when it is passed a null password * Allow for daily/weekly/monthly limits to be set to none and show correct results in the show user page * Fix a small bug in user_admin.php3. +* Pass the whole password as salt in da_encrypt() in password_check.php3 Ver 1.29: * Add general_ld_library_path directive and set LD_LIBRARY_PATH accordingly (used in snmpfinger and radaclient). diff --git a/dialup_admin/lib/sql/password_check.php3 b/dialup_admin/lib/sql/password_check.php3 index f584fff..58c90ff 100644 --- a/dialup_admin/lib/sql/password_check.php3 +++ b/dialup_admin/lib/sql/password_check.php3 @@ -18,8 +18,7 @@ if ($action == 'checkpass'){ if (is_file("../lib/crypt/$config[general_encryption_method].php3")){ include("../lib/crypt/$config[general_encryption_method].php3"); $enc_passwd = $row[Value]; - $salt=substr($enc_passwd,0,2); - $passwd = da_encrypt($passwd,$salt); + $passwd = da_encrypt($passwd,$enc_passwd); if ($passwd == $enc_passwd) $msg = 'YES It is that'; else -- 2.1.4