View Single Post
Old 9th March 2006, 20:29
till till is online now
Super Moderator
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,012
Thanks: 840
Thanked 5,651 Times in 4,461 Posts

Originally Posted by popeye
In /home/admispconfig/ispconfig/lib/classes/ispconfig_isp_user.lib.php
find (line 109 - 113)


and change it to:


It works for me.
ISPConfig implements the crypt-md5. It is a more secure alternative of the plain crypt function. Your implementation is pure md5 and not a replacement for the crypt-md5 that we implemented. But currently the variable content of $go_info["server"]["password_hash"] is misleading in

What do you think of this patch:

if($go_info["server"]["password_hash"] == 'crypt') {
$passwort = "||||:".crypt($user["user_passwort"],substr($user["user_passwort"],0,2));
} elseif ($go_info["server"]["password_hash"] == 'crypt-md5') {
$passwort = "||||:". crypt(stripslashes($user["user_passwort"]), "$1$".md5(time()) );
} else {
$passwort = "||||:". md5(stripslashes($user["user_passwort"]));
Also you will have to change this twice, once in the user_insert function and once in the user_update function. Both are in the same file.
Till Brehm
Get ISPConfig support and the ISPConfig 3 manual from

Last edited by till; 9th March 2006 at 20:31.
Reply With Quote