From ca6311c3d35f4cffc434f55bac38cd76b3d04b31 Mon Sep 17 00:00:00 2001
From: Camille Lafitte <cam.lafit@azerttyu.net>
Date: Tue, 29 Nov 2011 10:32:22 +0000
Subject: [PATCH] Permettre les mots de passe vide pour les comptes FTP
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

 * closed #1284
 * CRYPT de mysql ne gere pas la chaine vide, on passe par la fonction PHP
  * microtime car autrement il utilse le sel le plus fort et ne gere pas pas un pass DESS et donc un crypt de 34 caractères
  * strrev car seul les 2 premiers caractéres du sel sont pris en compte , donc pour choper les microseconde
---
 bureau/class/m_ftp.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/bureau/class/m_ftp.php b/bureau/class/m_ftp.php
index 31b4bcb3..2450becd 100644
--- a/bureau/class/m_ftp.php
+++ b/bureau/class/m_ftp.php
@@ -204,8 +204,8 @@ class m_ftp {
 	  return false; // The error has been raised by checkPolicy()
 	}
       }
-
-      $db->query("UPDATE ftpusers SET name='".$prefixe.$login."', password='', encrypted_password=ENCRYPT('$pass'), homedir='/var/alternc/html/$l/$lo/$dir', uid='$cuid' WHERE id='$id';");
+      $encrypted_password = crypt($pass,strrev(microtime(true)));
+      $db->query("UPDATE ftpusers SET name='".$prefixe.$login."', password='', encrypted_password='$encrypted_password', homedir='/var/alternc/html/$l/$lo/$dir', uid='$cuid' WHERE id='$id';");
     } else {
       $db->query("UPDATE ftpusers SET name='".$prefixe.$login."', homedir='/var/alternc/html/$l/$lo/$dir', uid='$cuid' WHERE id='$id';");
     }
@@ -281,7 +281,8 @@ class m_ftp {
     }
 
     if ($quota->cancreate("ftp")) {
-      $db->query("INSERT INTO ftpusers (name,password, encrypted_password,homedir,uid) VALUES ('".$prefixe.$login."', '', ENCRYPT('$pass'), '/var/alternc/html/$l/$lo/$dir', '$cuid')");
+      $encrypted_password = crypt($pass,strrev(microtime(true)));
+      $db->query("INSERT INTO ftpusers (name,password, encrypted_password,homedir,uid) VALUES ('".$prefixe.$login."', '', '$encrypted_password', '/var/alternc/html/$l/$lo/$dir', '$cuid')");
       return true;
     } else {
       $err->raise("ftp",5);