Can still connect if option do not save clear password is reversed.

2025-02-20 13:46:52 +01:00 · 2008-11-19 18:19:51 +00:00 · 2008-11-19 18:19:51 +00:00 · 03010ac770
commit 03010ac770
parent 3ad5d6b566
3 changed files with 21 additions and 8 deletions
--- a/htdocs/admin/security.php
+++ b/htdocs/admin/security.php
@ -61,9 +61,11 @@ if ($_GET["action"] == 'activate_encrypt')
 	$db->begin();
 	
    dolibarr_set_const($db, "DATABASE_PWD_ENCRYPTED", "1");
+
    $sql = "UPDATE ".MAIN_DB_PREFIX."user as u";
-	$sql.= " SET u.pass = NULL AND u.pass_crypted = MD5(u.pass)";
+	$sql.= " SET u.pass_crypted = MD5(u.pass), u.pass = NULL";
 	$sql.= " WHERE u.pass IS NOT NULL AND LENGTH(u.pass) < 32";	// Not a MD5 value
+	$sql.= " AND MD5(u.pass) IS NOT NULL";

 	//print $sql;
 	$result = $db->query($sql);
@ -75,6 +77,7 @@ if ($_GET["action"] == 'activate_encrypt')
 	}
 	else
 	{
+		$db->rollback();
 		dolibarr_print_error($db,'');
 	}
 }
--- a/htdocs/includes/login/functions_dolibarr.php
+++ b/htdocs/includes/login/functions_dolibarr.php
@ -63,23 +63,33 @@ function check_user_password_dolibarr($usertotest,$passwordtotest)
 				
 				// Check crypted password
 				$cryptType='';
-				if ($conf->global->DATABASE_PWD_ENCRYPTED) $cryptType='md5';
+				if (! empty($conf->global->DATABASE_PWD_ENCRYPTED)) $cryptType=$conf->global->DATABASE_PWD_ENCRYPTED;
+				// By default, we used MD5
+				if (! in_array($cryptType,array('md5'))) $cryptType='md5'; 
+				// Check crypted password according to crypt algorithm 
 				if ($cryptType == 'md5') 
 				{
-					if (md5($passtyped) == $passcrypted) $passok=true;
+					if (md5($passtyped) == $passcrypted) 
+					{
+						$passok=true;
+						dolibarr_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok - ".$cryptType." of pass is ok");
+					}
 				}

 				// For compatibility with old versions
 				if (! $passok)
 				{
 					if ((! $passcrypted || $passtyped) 
-						&& ($passtyped == $passclear)) $passok=true;
+						&& ($passtyped == $passclear)) 
+					{
+						$passok=true;
+						dolibarr_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok - found pass in database");
+					}
 				}
 				
 				// Password ok ?
 				if ($passok)
 				{
-					dolibarr_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok");
 					$login=$_POST["username"];
 				}
 				else
--- a/htdocs/index.php
+++ b/htdocs/index.php
@ -19,9 +19,9 @@
 */

 /**
- \file       htdocs/index.php
- \brief      Page accueil par defaut
- \version    $Id$
+ *	\file       htdocs/index.php
+ *	\brief      Page accueil par defaut
+ *	\version    $Id$
 */

 require("./pre.inc.php");