From d89f342a1a4de409ab201d848fa7dfb0d1f71695 Mon Sep 17 00:00:00 2001 From: Marcin Haba Date: Tue, 14 Jul 2015 20:06:34 +0200 Subject: [PATCH] baculum: Change storing HTTP Basic passwords to hash form --- gui/baculum/protected/Class/ConfigurationManager.php | 1 + gui/baculum/protected/Pages/ConfigurationWizard.php | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/gui/baculum/protected/Class/ConfigurationManager.php b/gui/baculum/protected/Class/ConfigurationManager.php index f658136a46..0986ba5d16 100644 --- a/gui/baculum/protected/Class/ConfigurationManager.php +++ b/gui/baculum/protected/Class/ConfigurationManager.php @@ -159,6 +159,7 @@ class ConfigurationManager extends TModule */ public function setUsersConfig($user, $password, $firstUsage = false, $oldUser = null) { $usersFile = Prado::getPathOfNamespace(self::USERS_FILE, '.users'); + $password = crypt($password, base64_encode($password)); if($firstUsage === true) { $this->clearUsersConfig(); } diff --git a/gui/baculum/protected/Pages/ConfigurationWizard.php b/gui/baculum/protected/Pages/ConfigurationWizard.php index a296552784..29472aaac2 100644 --- a/gui/baculum/protected/Pages/ConfigurationWizard.php +++ b/gui/baculum/protected/Pages/ConfigurationWizard.php @@ -114,7 +114,7 @@ class ConfigurationWizard extends BaculumPage $urlPrefix = $this->Application->getModule('friendly-url')->getUrlPrefix(); $location = sprintf("%s://%s:%s@%s:%d%s", $http_protocol, $cfgData['baculum']['login'], $cfgData['baculum']['password'], $_SERVER['SERVER_NAME'], $_SERVER['SERVER_PORT'], $urlPrefix); header("Location: $location"); - return; + exit(); } else { // standard version (user defined auth method) $this->goToDefaultPage(); } -- 2.39.5