* Add a backup_radacct script
* Add an sqlrelay functions file. The user_admin page does not currently work. Looking into it.
* Add sqlrelay support in the scripts. Add a sqlrelay_query script to run sqlrelay commands
+* Update password_check to work with all password attributes and use the configuration directives
Ver 1.75:
* A LOT of security related fixes. Now dialupadmin should hopefully be secure enough to
be accessed by normal users (not administrators).
if ($link){
$res = @da_sql_query($link,$config,
"SELECT attribute,value FROM $config[sql_check_table] WHERE username = '$login'
- AND (attribute = 'User-Password' OR attribute = 'Crypt-Password');");
+ AND attribute = '$config[sql_password_attribute]';");
if ($res){
$row = @da_sql_fetch_array($res,$config);
if (is_file("../lib/crypt/$config[general_encryption_method].php3")){
include("../lib/crypt/$config[general_encryption_method].php3");
$enc_passwd = $row[value];
- if ($row[attribute] == 'Crypt-Password') {
- $passwd = da_encrypt($passwd,$enc_passwd);
- }
+ $passwd = da_encrypt($passwd,$enc_passwd);
if ($passwd == $enc_passwd)
$msg = '<font color=blue><b>YES It is that</b></font>';
else