From 243c3b262b609c3148d190e7ef4502c62e02c26a Mon Sep 17 00:00:00 2001 From: kkalev Date: Sat, 19 Feb 2005 00:58:05 +0000 Subject: [PATCH] Update password_check to work with all password attributes and use the configuration directives --- Changelog | 1 + lib/sql/password_check.php3 | 6 ++---- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/Changelog b/Changelog index b16b7a9..315c6eb 100644 --- a/Changelog +++ b/Changelog @@ -13,6 +13,7 @@ Ver 1.78: * Add a backup_radacct script * Add an sqlrelay functions file. The user_admin page does not currently work. Looking into it. * Add sqlrelay support in the scripts. Add a sqlrelay_query script to run sqlrelay commands +* Update password_check to work with all password attributes and use the configuration directives Ver 1.75: * A LOT of security related fixes. Now dialupadmin should hopefully be secure enough to be accessed by normal users (not administrators). diff --git a/lib/sql/password_check.php3 b/lib/sql/password_check.php3 index a2f8f11..582d059 100644 --- a/lib/sql/password_check.php3 +++ b/lib/sql/password_check.php3 @@ -12,15 +12,13 @@ if ($action == 'checkpass'){ if ($link){ $res = @da_sql_query($link,$config, "SELECT attribute,value FROM $config[sql_check_table] WHERE username = '$login' - AND (attribute = 'User-Password' OR attribute = 'Crypt-Password');"); + AND attribute = '$config[sql_password_attribute]';"); if ($res){ $row = @da_sql_fetch_array($res,$config); if (is_file("../lib/crypt/$config[general_encryption_method].php3")){ include("../lib/crypt/$config[general_encryption_method].php3"); $enc_passwd = $row[value]; - if ($row[attribute] == 'Crypt-Password') { - $passwd = da_encrypt($passwd,$enc_passwd); - } + $passwd = da_encrypt($passwd,$enc_passwd); if ($passwd == $enc_passwd) $msg = 'YES It is that'; else -- 2.39.5