ISPConfig 3.0.3.3-RC1 available for testing

[till]

The first release candidate (RC1) version of the upcoming ISPConfig 3.0.3.3 is available for download. RC versions are released for testing purposes, it is not recommended to use them on production systems.

This release is a bugfix release for ISPConfig 3.0.3.2

Changelog

http://bugtracker.ispconfig.org/inde...&status[]=

Download

http://www.ispconfig.org/downloads/I...3.3-rc1.tar.gz

Update instructions

Code:

cd /tmp
rm -rf /tmp/ispconfig3_install
wget http://www.ispconfig.org/downloads/ISPConfig-3.0.3.3-rc1.tar.gz
tar xvfz ISPConfig-3.0.3.3-rc1.tar.gz
cd ispconfig3_install/install
php -q update.php

[xaver]

2 Problems with API
-> addclient password dose not work (updateClient work)
Problem is remoting_lib.inc.php

PHP Code:

Line 695 $password = crypt(stripslashes($password),$salt); 


This is normal md5 pw and if you comment out this line it work

-> Delete a User Domain stays. Not sites i mean module Domain

-> updateclient template_master not included
Lines

PHP Code:

        if(isset($params['template_master']) and $params['template_master'] > 0)
            {
                $template=$app->db->queryOneRecord("SELECT * FROM client_template WHERE template_id=".intval($params['template_master']));
                $params=array_merge($params,$template);
            } 


-> My own function in remoting.inc.php for getting next webID without SQL in my API.

PHP Code:

/* Get next AutoIncrement for sites_web_domain_add */

    public function sites_web_domain_nextID($session_id)
    {
        global $app;
        if(!$this->checkPerm($session_id, 'sites_web_domain_get')) {
            $this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
            return false;
        }
        $table_info = $app->db->queryOneRecord("SHOW TABLE STATUS LIKE 'web_domain'");
        return $table_info["Auto_increment"];
    } 


[falko]

I've added this to our bugtracker, so we will check that.

[till]

Quote:

This is normal md5 pw and if you comment out this line it work

The password encryption mechanism used in current ispconfig versions is crypt and not md5.

[xaver]

If you use API and dont comment it out, password wont work.
In next lines are the insert with md5('.$password.') in the query.


UPDATE in remoting_lib.inc.php -> NO crypt -> after a update the account work perfect:

PHP Code:

        function ispconfig_sysuser_update($params,$client_id){
            global $app;
            $username = $app->db->quote($params["username"]);
            $password = $app->db->quote($params["password"]);
            $client_id = intval($client_id);
            $sql = "UPDATE sys_user set username = '$username', passwort = md5('$password') WHERE client_id = $client_id";
            $app->db->query($sql);
        } 


ADD in remoting_lib.inc.php -> crypt -> login with API created account wont work:

PHP Code:

            $salt="$1$";
            $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
            for ($n=0;$n<8;$n++) {
                $salt.=$base64_alphabet[mt_rand(0,63)];
            }
            $salt.="$";
            $password = crypt(stripslashes($password),$salt);
            $sql1 = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
            VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)"; 


Add a normal account in ispconfig and look into the database in sys_user table -> its md5.
client table is crypt.

[till]

[I checked the file. The crypt line is correct. The bug was in line 697 which has to be:

Code:

VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)";

Thanks for reporting the bug. I fixed the sql statement in svn.