User's password encryption

4 posts by 2 authors in: Forums > CMS Builder
Last Post: July 12, 2013   (RSS)

By incube - July 9, 2013

Is it normal that the admin password is not encrypted in the cms_account BD'S but the other one created after the installation are all encrypted with sha1 ???

By incube - July 9, 2013

In fact, I've tried to implement a section with passwords protection which is using CMS accounts... I've came to the problem I wasn't able to connect correctly since there is one user without any protection and other ones have an encryption.

I did something else to make it possible. 

But I'll know for the next time.

By gregThomas - July 12, 2013

Here is a quick update on the bug.

We've integrated a patch into our latest build of CMS Builder, so the next release will contain the fix. If you would like to patch the bug on your own version of CMS Builder, you can do so by opening cmsAdmin/lib/admin_functions.php, then update line 242 to this:

                          username         = '".mysql_escape( $_REQUEST['adminUsername'] )."', password = '".$passwordTextOrHash."',

The original line looks like this:

                          username         = '".mysql_escape( $_REQUEST['adminUsername'] )."', password = '".mysql_escape($_REQUEST['adminPassword2'])."',

This will ensure that the encrypted password is saved to the database if encryption is being used when the CMS is being installed.

Let me know if you have any questions.

Thanks!

Greg

Greg Thomas







PHP Programmer - interactivetools.com