Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > General
Reload this Page [2.2.0] Possible bug in ispconfig_isp_web.inc.php
Register FAQ Members List Social Groups Calendar Search Today's Posts Mark Forums Read

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 9th March 2006, 23:33
bjmg bjmg is offline
Junior Member
  
Join Date: Mar 2006
Location: Püttlingen, Saarland, Germany
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via ICQ to bjmg
Default [2.2.0] Possible bug in ispconfig_isp_web.inc.php
Hi,

I found the following code in lib/classes/ispconfig_isp_web.lib.php (around line 314):
Code:
if(substr($web["optionen_mysql_passwort"],0,5) != "||||:" and $web["optionen_mysql_passwort"] != "") {
      $go_api->db->query("UPDATE isp_isp_web SET optionen_mysql_passwort = concat('||||:' , password(optionen_mysql_passwort)) where doc_id = '$doc_id'");
}
Now I think that optionen_mysql_passwort (written bold) is wrong. It should be $web["optionen_mysql_passwort"], right?

I did not test what that code actually does. I just saw that line and thought there is an error.

Bernhard
Reply With Quote
Sponsored Links
  #2  
Old 10th March 2006, 08:48
till till is offline
Super Moderator
  
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 31,896
Thanks: 693
Thanked 4,191 Times in 3,207 Posts
 
Default
Quote:
Originally Posted by bjmg
Hi,

I found the following code in lib/classes/ispconfig_isp_web.lib.php (around line 314):
Code:
if(substr($web["optionen_mysql_passwort"],0,5) != "||||:" and $web["optionen_mysql_passwort"] != "") {
      $go_api->db->query("UPDATE isp_isp_web SET optionen_mysql_passwort = concat('||||:' , password(optionen_mysql_passwort)) where doc_id = '$doc_id'");
}
Now I think that optionen_mysql_passwort (written bold) is wrong. It should be $web["optionen_mysql_passwort"], right?

I did not test what that code actually does. I just saw that line and thought there is an error.

Bernhard

Hi Bernhard,

thank you for reviewing the code! The snippet above is correct. The if statement checks if "||||:" is not at the beginning of the password string and then it encrypts the content of the table column "optionen_mysql_passwort" with the mysql password command and adds "||||:" at the beginning.

Till
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +2. The time now is 02:31.

Contact Us - HowtoForge - Linux Howtos and Tutorials - Archive - Top

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.