User's password encryption

Hi incube,

Thanks for bringing this to our attention. We will ensure that in the next release of CMS Builder the admin password is automatically encrypted as the CMS is installed.

For now there are several ways to encrypt the admins password after an install of CMS Builder:

• A user enters an invalid password  while logging into the CMS.
• The user clicks "Save" on the "My Account" menu.
• An admin saves or updates their account record.
• Website Membership Plugin: A user entered an invalid password into the login form. 

Let me know if you have any questions.

Cheers

Greg

Here is a quick update on the bug.

We've integrated a patch into our latest build of CMS Builder, so the next release will contain the fix. If you would like to patch the bug on your own version of CMS Builder, you can do so by opening cmsAdmin/lib/admin_functions.php, then update line 242 to this:

                          username         = '".mysql_escape( $_REQUEST['adminUsername'] )."', password = '".$passwordTextOrHash."',


The original line looks like this:

                          username         = '".mysql_escape( $_REQUEST['adminUsername'] )."', password = '".mysql_escape($_REQUEST['adminPassword2'])."',

This will ensure that the encrypted password is saved to the database if encryption is being used when the CMS is being installed.

Let me know if you have any questions.

Thanks!

Greg