summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--web/html/index.php5
-rw-r--r--web/lib/acctfuncs.inc6
2 files changed, 10 insertions, 1 deletions
diff --git a/web/html/index.php b/web/html/index.php
index 5814fec9..033a69e6 100644
--- a/web/html/index.php
+++ b/web/html/index.php
@@ -19,7 +19,10 @@ if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) {
if (!$login_error) {
# Try and authenticate the user
#
- $dbh = db_connect();
+
+ #md5 hash it
+ $_REQUEST["pass"] = md5($_REQUEST["pass"]);
+ $dbh = db_connect();
$q = "SELECT ID, Suspended FROM Users ";
$q.= "WHERE Username = '" . mysql_escape_string($_REQUEST["user"]) . "' ";
$q.= "AND Passwd = '" . mysql_escape_string($_REQUEST["pass"]) . "'";
diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc
index d27b96f4..e56ceebc 100644
--- a/web/lib/acctfuncs.inc
+++ b/web/lib/acctfuncs.inc
@@ -245,6 +245,9 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
if ($TYPE == "new") {
# no errors, go ahead and create the unprivileged user
#
+
+ #md5hash the password
+ $P = md5($P);
$q = "INSERT INTO Users (AccountTypeID, Suspended, Username, Email, ";
$q.= "Passwd, RealName, LangPreference, IRCNick, NewPkgNotify) ";
$q.= "VALUES (1, 0, '".mysql_escape_string($U)."'";
@@ -275,6 +278,9 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
} else {
# no errors, go ahead and modify the user account
#
+
+ #md5 hash the password
+ $P = md5($P);
$q = "UPDATE Users SET ";
$q.= "Username = '".mysql_escape_string($U)."'";
if ($T) {