Pass the whole password as salt in da_encrypt() in password_check.php3

diff --git a/dialup_admin/Changelog b/dialup_admin/Changelog
index 6274fd2..9d5ab64 100644 (file)
--- a/dialup_admin/Changelog
+++ b/dialup_admin/Changelog
@@ -11,6 +11,7 @@ Ver 1.30:
 * Make lib/ldap/password_check.php3 behave properly when it is passed a null password
 * Allow for daily/weekly/monthly limits to be set to none and show correct results in the show user page
 * Fix a small bug in user_admin.php3.
+* Pass the whole password as salt in da_encrypt() in password_check.php3
 Ver 1.29:
 * Add general_ld_library_path directive and set LD_LIBRARY_PATH accordingly (used in snmpfinger and
   radaclient).

diff --git a/dialup_admin/lib/sql/password_check.php3 b/dialup_admin/lib/sql/password_check.php3
index f584fff..58c90ff 100644 (file)
--- a/dialup_admin/lib/sql/password_check.php3
+++ b/dialup_admin/lib/sql/password_check.php3
@@ -18,8 +18,7 @@ if ($action == 'checkpass'){
                        if (is_file("../lib/crypt/$config[general_encryption_method].php3")){
                                include("../lib/crypt/$config[general_encryption_method].php3");
                                $enc_passwd = $row[Value];
-                               $salt=substr($enc_passwd,0,2);
-                               $passwd = da_encrypt($passwd,$salt);
+                               $passwd = da_encrypt($passwd,$enc_passwd);
                                if ($passwd == $enc_passwd)
                                        $msg = '<font color=blue><b>YES It is that</b></font>';
                                else