From: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Sat, 21 Jan 2012 19:13:54 +0000 (+0100)
Subject: chpasswd.cgi: fixed for new MD5 password hashes.
X-Git-Tag: v2.11-core56^2~10
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=18e7404874ed3442a38cd538a7184cfc67951db1;p=people%2Fstevee%2Fipfire-2.x.git

chpasswd.cgi: fixed for new MD5 password hashes.
---

diff --git a/config/rootfiles/core/56/filelists/files b/config/rootfiles/core/56/filelists/files
index c82a52e087..26d35c5d43 100644
--- a/config/rootfiles/core/56/filelists/files
+++ b/config/rootfiles/core/56/filelists/files
@@ -1,6 +1,7 @@
 etc/system-release
 etc/issue
 etc/rc.d/init.d/smartenabler
+srv/web/ipfire/cgi-bin/chpasswd.cgi
 srv/web/ipfire/cgi-bin/hardwaregraphs.cgi
 srv/web/ipfire/cgi-bin/media.cgi
 usr/local/bin/hddshutdown
diff --git a/html/cgi-bin/chpasswd.cgi b/html/cgi-bin/chpasswd.cgi
index 6ce8787cf7..ae9e6ec70b 100644
--- a/html/cgi-bin/chpasswd.cgi
+++ b/html/cgi-bin/chpasswd.cgi
@@ -20,6 +20,7 @@
 ###############################################################################
 
 use CGI qw(param);
+use Crypt::PasswdMD5;
 
 $swroot = "/var/ipfire";
 
@@ -98,7 +99,10 @@ if ($cgiparams{'SUBMIT'} eq $tr{'advproxy chgwebpwd change password'})
 		$errormessage = $tr{'advproxy errmsg invalid user'};
 		goto ERROR;
 	}
-	if (!(crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd))
+	if (
+	    !(crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd) &&
+	    !(apache_md5_crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd)
+	   )
 	{
 		$errormessage = $tr{'advproxy errmsg password incorrect'};
 		goto ERROR;