chpasswd.cgi: fixed for new MD5 password hashes.

2026-04-16 05:53:00 +02:00 · 2012-01-21 20:13:54 +01:00
parent d8799d9280
commit 18e7404874
2 changed files with 6 additions and 1 deletions
--- a/config/rootfiles/core/56/filelists/files
+++ b/config/rootfiles/core/56/filelists/files
@@ -1,6 +1,7 @@
 etc/system-release
 etc/issue
 etc/rc.d/init.d/smartenabler
+srv/web/ipfire/cgi-bin/chpasswd.cgi
 srv/web/ipfire/cgi-bin/hardwaregraphs.cgi
 srv/web/ipfire/cgi-bin/media.cgi
 usr/local/bin/hddshutdown
--- a/html/cgi-bin/chpasswd.cgi
+++ b/html/cgi-bin/chpasswd.cgi
@@ -20,6 +20,7 @@
 ###############################################################################

 use CGI qw(param);
+use Crypt::PasswdMD5;

 $swroot = "/var/ipfire";

@@ -98,7 +99,10 @@ if ($cgiparams{'SUBMIT'} eq $tr{'advproxy chgwebpwd change password'})
 		$errormessage = $tr{'advproxy errmsg invalid user'};
 		goto ERROR;
 	}
-	if (!(crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd))
+	if (
+	    !(crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd) &&
+	    !(apache_md5_crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd)
+	   )
 	{
 		$errormessage = $tr{'advproxy errmsg password incorrect'};
 		goto ERROR;