Changeset 899

Timestamp:
07/25/08 12:17:25 (1 month ago)
Author:
rach
Message:

Store the administrator password encoded (hashed) in the DB.
The admin password is no longer viewable.

Files:

  • trunk

    • Property svn:ignore changed from
      .project
      a2billing_v2.kpf
      .pydevproject
      .settings
      to
      .project
      a2billing_v2.kpf
      .pydevproject
      .settings
      .cache
  • trunk/admin

    • Property svn:ignore set to
      .project
      .cache
      .settings
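--- a/trunk/admin/Public/form_data/FG_var_user.inc
+++ b/trunk/admin/Public/form_data/FG_var_user.inc
@@ -1,5 +1,5 @@
 <?php
 
-getpost_ifset(array('id', 'groupID', 'userid', 'login', 'password', 'perms', 'name', 'direction', 'zipcode', 'state', 'phone', 'fax', 'popup_select', 'popup_formname', 'popup_fieldname'));
+getpost_ifset(array('id', 'groupID', 'userid', 'login', 'pwd_encoded', 'perms', 'name', 'direction', 'zipcode', 'state', 'phone', 'fax', 'popup_select', 'popup_formname', 'popup_fieldname'));
 
 
@@ -55,7 +55,6 @@
 $HD_Form -> AddViewElement(gettext("DATE CREATION"), "datecreation", "24%", "center", "sort", "19", "", "", "", "", "", "display_dateformat");
 $HD_Form -> AddViewElement(gettext("LOGIN"), "login", "24%", "center", "sort");
-$HD_Form -> AddViewElement(gettext("PASSWORD"), "password", "24%", "center", "sort");
-
-$HD_Form -> FieldViewElement ('userid, datecreation, login, password');
+
+$HD_Form -> FieldViewElement ('userid, datecreation, login');
 
 $HD_Form -> CV_NO_FIELDS  = gettext("NO")." ".strtoupper($HD_Form->FG_INSTANCE_NAME)." ".gettext("HAVE BEEN CREATED!");
@@ -90,14 +89,15 @@
         gettext("Insert the username"),
         "" , "", "", "", "" , "", "", "");
-
-$HD_Form -> AddEditElement (gettext("PASSWORD"),
-        "password",
-        '$value',
-        "INPUT",
-        "size=30 maxlength=15",
-        "3",
-        gettext("Insert the Reseller password"),
-        "" , "", "", "", "", "", "", "");
-
+
+if ($form_action=="ask-add" && $form_action=="add"){
+        $HD_Form -> AddEditElement (gettext("PASSWORD"),
+                "pwd_encoded",
+                '$value',
+                "INPUT",
+                "type=password size=30 maxlength=15",
+                "3",
+                gettext("Insert the Reseller password"),
+                "" , "", "", "", "", "", "", "");
+
 if ($groupID!="0"){
         $HD_Form -> AddEditElement (gettext("PERMISSION"),
@@ -195,5 +195,9 @@
 }
 
-$FG_QUERY_EDITION .= 'login, password, ';
+$FG_QUERY_EDITION .= 'login, ';
+
+if ($form_action =="ask-add" || $form_action=="add"){
+        $FG_QUERY_EDITION='pwd_encoded,  ';
+
 
 if ($groupID!="0"){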
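Review bot: The guard added at new line 92, `if ($form_action=="ask-add" && $form_action=="add"){`, can never be true because one variable cannot equal both strings, so the PASSWORD edit element is never registered; the matching guard at new line 199 uses `||`, which looks like the intended operator. Inside that second guard, `$FG_QUERY_EDITION='pwd_encoded,  ';` assigns rather than appends, which discards the `'login, '` fragment added two lines earlier and anything built before it; `.=` is probably what was meant. No closing `}` is visible for either new `if` in this view (new lines 101 and 201 render empty), so confirm the braces balance in the committed file.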
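--- a/trunk/admin/Public/templates/default/css/main.css
+++ b/trunk/admin/Public/templates/default/css/main.css
@@ -392,5 +392,5 @@
         padding-bottom: 0px;
         margin: 0px;
-        width: 40%;
+        width: 100%;
         padding-top: 0px;
         background-color: #f6f6f6;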
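--- a/trunk/admin/Public/templates/default/main.tpl
+++ b/trunk/admin/Public/templates/default/main.tpl
@@ -27,5 +27,10 @@
 <div id="nav_before"></div>
 <ul id="nav">
-
+
+
+                <li><a href="#" target="_self"></a></a></li>
+        <ul><li><a href="A2B_entity_password.php?atmenu=password&form_action=ask-edit&stitle=Password"><strong>{php} echo gettext("PASSWORD");{/php}</strong></a></li></ul>
+                <li><a href="#" target="_self"></a></a></li>
+
         {if ($ACXCUSTOMER > 0) }
         <div class="toggle_menu">
@@ -459,4 +464,6 @@
         </div>
         {/if}
+
+
 
         {if ($ACXADMINISTRATOR  > 0)}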
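Review bot: The markup added at new lines 31–33 is not well formed: each placeholder item closes its anchor twice (`</a></a>`), and the `<ul>` holding the PASSWORD link sits directly inside `<ul id="nav">` instead of inside an `<li>`. A single `<li>` wrapping the existing `<a …><strong>…</strong></a>` would do the same job, with the `&` separators in the `href` query string written as `&amp;`. The link is also placed ahead of the `{if ($ACXCUSTOMER > 0) }` block, so it renders regardless of the permission checks that gate the other menu entries; confirm that is intended.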
  • trunk/agent

    • Property svn:ignore set to
      .project
      .settings
      .cache
  • trunk/common

    • Property svn:ignore set to
      *.settings
      .cache
      .project
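--- a/trunk/common/lib/admin.module.access.php
+++ b/trunk/common/lib/admin.module.access.php
@@ -153,6 +153,7 @@
         $user = trim($user);
         $pass = trim($pass);
+        $pass_encoded= hash( 'whirlpool',$pass);
         if (strlen($user)==0 || strlen($user)>=50 || strlen($pass)==0 || strlen($pass)>=50) return false;
-        $QUERY = "SELECT userid, perms, confaddcust, groupid FROM cc_ui_authen WHERE login = '".$user."' AND password = '".$pass."'";
+        $QUERY = "SELECT userid, perms, confaddcust, groupid FROM cc_ui_authen WHERE login = '".$user."' AND pwd_encoded = '".$pass_encoded."'";
 
         $res = $DBHandle -> Execute($QUERY);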
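Review bot: The digest added at new line 155 is a single unsalted Whirlpool pass, so equal passwords produce equal `pwd_encoded` values and a leaked table can be tested offline at raw hash speed. A password-specific scheme is the safer choice, for example storing `password_hash($pass, PASSWORD_DEFAULT)` and checking with `password_verify()` after selecting the row by login alone. The rewritten `$QUERY` at new line 157 still concatenates `$user` into the SQL text, and the only checks visible in this hunk are `trim()` and a length test, so unless escaping happens earlier in the function the statement depends on the login field containing no quote characters; binding the value as a query parameter removes that dependence. The enclosing function starts and ends outside the hunk.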
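--- a/trunk/common/lib/Form/Class.FormHandler.inc.php
+++ b/trunk/common/lib/Form/Class.FormHandler.inc.php
@@ -551,4 +551,5 @@
                         $this->_processed[$key] = $this -> sanitize_data($value);
                         if($key=='username')$this->_processed[$key] = trim($this->_processed[$key]);
+                        if($key=='pwd_encoded')$this->_processed[$key] = hash( 'whirlpool',$this->_processed[$key]);
                 }
                 return $this->_processed;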
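Review bot: The hash added at new line 553 is computed on the output of `sanitize_data()`, while the login check in admin.module.access.php hashes `trim($pass)` directly, so any password character that `sanitize_data()` rewrites or strips would give a stored digest that login can never reproduce. `sanitize_data()` is not shown here, so this needs confirming; hashing the raw submitted value, or routing both paths through one shared helper, would keep the two sides identical. The algorithm name `'whirlpool'` is now duplicated in two files, which a single helper would also remove. The enclosing method starts and ends outside the hunk.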
  • trunk/customer

    • Property svn:ignore set to
      .project
      *.cache
      .settings
  • trunk/DataBase

    • Property svn:ignore set to
      .project
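--- a/trunk/DataBase/mysql-5.x/UPDATE-a2billing-v1.3.0-to-v1.4.0-mysql.sql
+++ b/trunk/DataBase/mysql-5.x/UPDATE-a2billing-v1.3.0-to-v1.4.0-mysql.sql
@@ -1032,3 +1032,4 @@
 ALTER TABLE cc_call ADD dnid CHAR( 40 );
 
-
+-- CHANGE SECURITY ABOUT PASSWORD
+ ALTER TABLE cc_ui_authen CHANGE password pwd_encoded VARCHAR( 250 ) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL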
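Review bot: The `ALTER TABLE cc_ui_authen CHANGE password pwd_encoded …` at new line 1035 only renames and widens the column, so existing rows keep their plaintext value under the new name. After the upgrade those accounts would fail the login check, which now compares against a Whirlpool digest, and the cleartext passwords stay in the database. The upgrade needs a data step that replaces each stored value with its digest; as far as I know MySQL 5.x has no built-in Whirlpool function, so that step probably has to be a script run alongside this file. The statement also has no terminating `;` in the lines shown.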

