| 193,7 → 193,7 |
|---|
| { |
| if ($ib_user_type == 2) |
| { |
| if (md5($ib_user_passwort) != $konfiguration['main_administration']['admin_pwd']) |
| if (md5($ib_user_passwort) != $konfiguration['main_administration']['admin_pwd']) // TODO: use sha3 hash, salted and peppered |
| { |
| if (!headers_sent()) header('location: index.php?prv_modul=main_administration'); |
| } |
| 230,7 → 230,7 |
|---|
| } |
| } |
| |
| $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($ib_user_username)."' AND `passwort` = '".md5($ib_user_passwort)."'"); |
| $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($ib_user_username)."' AND `passwort` = '".md5($ib_user_passwort)."'"); // TODO: use sha3 hash, salted and peppered |
| if (db_num($res) > 0) |
| { |
| $row = db_fetch($res); |
| 273,7 → 273,7 |
|---|
| { |
| if ($konfiguration['main_gastzugang']['enable_gast']) |
| { |
| $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."' AND `passwort` = '".md5($konfiguration['main_gastzugang']['gast_passwort'])."'"); |
| $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."' AND `passwort` = '".md5($konfiguration['main_gastzugang']['gast_passwort'])."'"); // TODO: use sha3 hash, salted and peppered |
| if (db_num($res) > 0) |
| { |
| $row = db_fetch($res); |
| 330,7 → 330,7 |
|---|
| { |
| if ($konfiguration['main_gastzugang']['enable_gast']) |
| { |
| $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."' AND `passwort` = '".md5($konfiguration['main_gastzugang']['gast_passwort'])."'"); |
| $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."' AND `passwort` = '".md5($konfiguration['main_gastzugang']['gast_passwort'])."'"); // TODO: use sha3 hash, salted and peppered |
| if (db_num($res) > 0) |
| { |
| $row = db_fetch($res); |
| 369,7 → 369,7 |
|---|
| } |
| else if ($_SESSION['ib_user_type'] == '1') |
| { |
| $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($_SESSION['ib_user_username'])."' AND `passwort` = '".md5($_SESSION['ib_user_passwort'])."'"); |
| $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($_SESSION['ib_user_username'])."' AND `passwort` = '".md5($_SESSION['ib_user_passwort'])."'"); // TODO: use sha3 hash, salted and peppered |
| if (db_num($res) > 0) |
| { |
| $row = db_fetch($res); |
| 400,7 → 400,7 |
|---|
| } |
| else if ($_SESSION['ib_user_type'] == '2') |
| { |
| if (md5($_SESSION['ib_user_passwort']) != $konfiguration['main_administration']['admin_pwd']) |
| if (md5($_SESSION['ib_user_passwort']) != $konfiguration['main_administration']['admin_pwd']) // TODO: use sha3 hash, salted and peppered |
| { |
| if (!headers_sent()) header('location: index.php?prv_modul=main_administration'); |
| } |