chpasswd.cgi: fixed for new MD5 password hashes.

diff --git a/config/rootfiles/core/56/filelists/files b/config/rootfiles/core/56/filelists/files
index c82a52e0871d57c93c23b7e4223a9844a43bea50..26d35c5d432225846f68e7d3cd48900fa4ec313b 100644 (file)
--- a/config/rootfiles/core/56/filelists/files
+++ b/config/rootfiles/core/56/filelists/files
@@ -1,6 +1,7 @@
 etc/system-release
 etc/issue
 etc/rc.d/init.d/smartenabler
+srv/web/ipfire/cgi-bin/chpasswd.cgi
 srv/web/ipfire/cgi-bin/hardwaregraphs.cgi
 srv/web/ipfire/cgi-bin/media.cgi
 usr/local/bin/hddshutdown

diff --git a/html/cgi-bin/chpasswd.cgi b/html/cgi-bin/chpasswd.cgi
index 6ce8787cf73fd723cafdf69354102bba1989f7d5..ae9e6ec70b29bf47989b32d2ec820cb79e4f11b1 100644 (file)
--- a/html/cgi-bin/chpasswd.cgi
+++ b/html/cgi-bin/chpasswd.cgi
@@ -20,6 +20,7 @@
 ###############################################################################
 
 use CGI qw(param);
+use Crypt::PasswdMD5;
 
 $swroot = "/var/ipfire";
 
@@ -98,7 +99,10 @@ if ($cgiparams{'SUBMIT'} eq $tr{'advproxy chgwebpwd change password'})
                $errormessage = $tr{'advproxy errmsg invalid user'};
                goto ERROR;
        }
-       if (!(crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd))
+       if (
+           !(crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd) &&
+           !(apache_md5_crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd)
+          )
        {
                $errormessage = $tr{'advproxy errmsg password incorrect'};
                goto ERROR;