From 18e7404874ed3442a38cd538a7184cfc67951db1 Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Sat, 21 Jan 2012 20:13:54 +0100
Subject: [PATCH] chpasswd.cgi: fixed for new MD5 password hashes.

---
 config/rootfiles/core/56/filelists/files | 1 +
 html/cgi-bin/chpasswd.cgi                | 6 +++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/config/rootfiles/core/56/filelists/files b/config/rootfiles/core/56/filelists/files
index c82a52e08..26d35c5d4 100644
--- a/config/rootfiles/core/56/filelists/files
+++ b/config/rootfiles/core/56/filelists/files
@@ -1,6 +1,7 @@
 etc/system-release
 etc/issue
 etc/rc.d/init.d/smartenabler
+srv/web/ipfire/cgi-bin/chpasswd.cgi
 srv/web/ipfire/cgi-bin/hardwaregraphs.cgi
 srv/web/ipfire/cgi-bin/media.cgi
 usr/local/bin/hddshutdown
diff --git a/html/cgi-bin/chpasswd.cgi b/html/cgi-bin/chpasswd.cgi
index 6ce8787cf..ae9e6ec70 100644
--- a/html/cgi-bin/chpasswd.cgi
+++ b/html/cgi-bin/chpasswd.cgi
@@ -20,6 +20,7 @@
 ###############################################################################
 
 use CGI qw(param);
+use Crypt::PasswdMD5;
 
 $swroot = "/var/ipfire";
 
@@ -98,7 +99,10 @@ if ($cgiparams{'SUBMIT'} eq $tr{'advproxy chgwebpwd change password'})
 		$errormessage = $tr{'advproxy errmsg invalid user'};
 		goto ERROR;
 	}
-	if (!(crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd))
+	if (
+	    !(crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd) &&
+	    !(apache_md5_crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd)
+	   )
 	{
 		$errormessage = $tr{'advproxy errmsg password incorrect'};
 		goto ERROR;
-- 
2.39.2