replace encrypt_mail_password function with generic gen_pw_hash (same logic/interface).
Hanno Böck commited on 2023-12-09 19:25:50
Zeige 3 geänderte Dateien mit 4 Einfügungen und 29 Löschungen.
- modules/email/include/common.php 09a55b2..0000000
- modules/email/include/mailaccounts.php d28af26..ec12283
- modules/email/include/vmail.php fc4fcf2..a2b7ff7
| ... | ... |
@@ -1,21 +0,0 @@ |
| 1 |
-<?php |
|
| 2 |
-/* |
|
| 3 |
-This file belongs to the Webinterface of schokokeks.org Hosting |
|
| 4 |
- |
|
| 5 |
-Written by schokokeks.org Hosting, namely |
|
| 6 |
- Bernd Wurst <bernd@schokokeks.org> |
|
| 7 |
- Hanno Böck <hanno@schokokeks.org> |
|
| 8 |
- |
|
| 9 |
-This code is published under a 0BSD license. |
|
| 10 |
- |
|
| 11 |
-Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
|
| 12 |
-*/ |
|
| 13 |
- |
|
| 14 |
-function encrypt_mail_password($newpass) |
|
| 15 |
-{
|
|
| 16 |
- DEBUG("unencrypted PW: »" . $newpass . "«");
|
|
| 17 |
- require_once('inc/base.php');
|
|
| 18 |
- $newpass = crypt($newpass, '$6$' . random_string(8) . '$'); |
|
| 19 |
- DEBUG("encrypted PW: " . $newpass);
|
|
| 20 |
- return chop($newpass); |
|
| 21 |
-} |
| ... | ... |
@@ -17,8 +17,6 @@ require_once('inc/security.php');
|
| 17 | 17 |
|
| 18 | 18 |
require_once('class/domain.php');
|
| 19 | 19 |
|
| 20 |
-require_once('common.php');
|
|
| 21 |
- |
|
| 22 | 20 |
function mailaccounts($uid) |
| 23 | 21 |
{
|
| 24 | 22 |
$uid = (int) $uid; |
| ... | ... |
@@ -86,7 +84,7 @@ function change_mailaccount($id, $arr) |
| 86 | 84 |
if ($result !== true) {
|
| 87 | 85 |
system_failure("Unsicheres Passwort: " . $result);
|
| 88 | 86 |
} |
| 89 |
- $encpw = encrypt_mail_password($arr['password']); |
|
| 87 |
+ $encpw = gen_pw_hash($arr['password']); |
|
| 90 | 88 |
array_push($conditions, "`password`=:password"); |
| 91 | 89 |
$values[":password"] = $encpw; |
| 92 | 90 |
} |
| ... | ... |
@@ -140,7 +138,7 @@ function create_mailaccount($arr) |
| 140 | 138 |
if ($result !== true) {
|
| 141 | 139 |
system_failure("Unsicheres Passwort: " . $result);
|
| 142 | 140 |
} |
| 143 |
- $values[':password'] = encrypt_mail_password($arr['password']); |
|
| 141 |
+ $values[':password'] = gen_pw_hash($arr['password']); |
|
| 144 | 142 |
} |
| 145 | 143 |
|
| 146 | 144 |
if (isset($arr['enabled'])) {
|
| ... | ... |
@@ -16,8 +16,6 @@ require_once('inc/debug.php');
|
| 16 | 16 |
|
| 17 | 17 |
require_once('hasdomain.php');
|
| 18 | 18 |
|
| 19 |
-require_once('common.php');
|
|
| 20 |
- |
|
| 21 | 19 |
|
| 22 | 20 |
function forward_type($target) |
| 23 | 21 |
{
|
| ... | ... |
@@ -172,7 +170,7 @@ function find_account_id($accname) |
| 172 | 170 |
function change_vmail_password($accname, $newpass) |
| 173 | 171 |
{
|
| 174 | 172 |
$accid = find_account_id($accname); |
| 175 |
- $encpw = encrypt_mail_password($newpass); |
|
| 173 |
+ $encpw = gen_pw_hash($newpass); |
|
| 176 | 174 |
db_query("UPDATE mail.vmail_accounts SET password=:encpw WHERE id=:accid", [":encpw" => $encpw, ":accid" => $accid]);
|
| 177 | 175 |
} |
| 178 | 176 |
|
| ... | ... |
@@ -288,7 +286,7 @@ function save_vmail_account($account) |
| 288 | 286 |
system_failure('Ihr Passwort ist zu einfach. bitte wählen Sie ein sicheres Passwort!' . "\nDie Fehlermeldung lautet: »{$crack}«");
|
| 289 | 287 |
return false; |
| 290 | 288 |
} |
| 291 |
- $password = encrypt_mail_password($account['password']); |
|
| 289 |
+ $password = gen_pw_hash($account['password']); |
|
| 292 | 290 |
} |
| 293 | 291 |
$set_password = ($id == null || $password != null); |
| 294 | 292 |
if ($account['password'] === null) {
|
| 295 | 293 |