fix password change for mysql auth

git-svn-id: http://www.observium.org/svn/observer/trunk@1232 61d68cd4-352d-0410-923a-c4978735b2b8
Adam Amstrong
2010-06-21 15:39:43 +00:00
parent e3cf6bb819
commit 8dfad7f27d
2 changed files with 26 additions and 4 deletions


@ -3,7 +3,7 @@
function authenticate($username,$password) function authenticate($username,$password)
{ {
$encrypted = md5($password); $encrypted = md5($password);
$sql = "SELECT username FROM `users` WHERE `username`='".$_SESSION['username']."' AND `password`='".$encrypted."'"; $sql = "SELECT username FROM `users` WHERE `username`='".$username."' AND `password`='".$encrypted."'";
$query = mysql_query($sql); $query = mysql_query($sql);
$row = @mysql_fetch_array($query); $row = @mysql_fetch_array($query);
if($row['username'] && $row['username'] == $username) if($row['username'] && $row['username'] == $username)
@ -18,10 +18,10 @@ function passwordscanchange()
return 1; return 1;
} }
function changepassword($username,$newpassword) function changepassword($username,$password)
{ {
$encrypted = md5($password); $encrypted = md5($password);
$sql = "UPDATE `users` SET password`='$encrypted' WHERE `username`='".$_SESSION['username']."'"; $sql = "UPDATE `users` SET `password` = '$encrypted' WHERE `username`='".$username."'";
$query = mysql_query($sql); $query = mysql_query($sql);
} }
@ -56,4 +56,4 @@ function get_userid($username)
return $row['user_id']; return $row['user_id'];
} }
?> ?>
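Review bot: The rewritten `$sql` lines in `authenticate()` and `changepassword()` concatenate the `$username` argument into the query unescaped, and in `authenticate()` that argument is presumably whatever the login form supplied, so the statement is open to SQL injection unless every caller escapes it first (not visible here). Escape at the point of use, e.g. `$safe_user = mysql_real_escape_string($username);`, and build both queries from `$safe_user`. Separately, `md5($password)` is an unsalted fast hash; it predates this commit but deserves a follow-up to move to a salted, slow password hash with a migration path for existing rows. The body of `authenticate()` continues past the end of its hunk.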


@ -2,6 +2,28 @@
echo("<div style='margin: 10px'>"); echo("<div style='margin: 10px'>");
echo("<h3>User Preferences</h3>"); echo("<h3>User Preferences</h3>");
if($_POST['action'] == "changepass") {
if(authenticate($_SESSION['username'],$_POST['old_pass'])) {
if($_POST['new_pass'] == "" || $_POST['new_pass2'] == "")
{
$changepass_message = "Password must not be blank.";
}
elseif($_POST['new_pass'] == $_POST['new_pass2'])
{
changepassword($_SESSION['username'],$_POST['new_pass']);
$changepass_message = "Password Changed.";
}
else
{
$changepass_message = "Passwords don't match.";
}
} else {
$changepass_message = "Incorrect password";
}
}
include("includes/update-preferences-password.inc.php"); include("includes/update-preferences-password.inc.php");
echo("<div style='width: 800px; background-color: #fff; padding:5px; margin-bottom:10px; float:left;'>"); echo("<div style='width: 800px; background-color: #fff; padding:5px; margin-bottom:10px; float:left;'>");
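Review bot: The `elseif` branch sets `$changepass_message = "Password Changed.";` unconditionally after calling `changepassword()`, which as written in this commit returns nothing and ignores the `mysql_query()` result, so a failed UPDATE is still reported to the user as success. Have `changepassword()` return the query result and set the success message only when it is true, with an error message otherwise. The confirmation check `$_POST['new_pass'] == $_POST['new_pass2']` uses loose comparison, which PHP applies numerically to numeric-looking strings, so two different inputs can compare equal; use `===`. `$_POST['action']` is also read without `isset()`, which raises a notice when the page is loaded without a form post.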