pureftpd_php_manager修改,支持md5
最近一些朋友在使用pureftpd_php_manager是遇到一些問題,一個就是不能使用md5加密的密碼。
看了一下pureftpd_php_manager的代碼,發現它只支持明碼和crypt加密。
所以,修改了一下index.php,加入了md5和password(mysql的password函數)的支持。
但手頭沒有環境,所以沒有經過測試。
各位如使用,有問題不要罵我,呵呵。把問題回復到本貼,我好改進。:)
下載后改名index.php :D
http://bbs.chinaunix.net/forum/uploadfile/index.php.jpg
《解決方案》
pureftpd_php_manager修改,支持md5
<?
// Aenderungen 25.5. Uwe Ahrendt
// www.bildpartner.de
// READ THE README !!!
/****************************************************
* PureFTP - PHP USer Manager by solariz
* Source (c) 2002 - www.solariz.de
****************************************************
CheckOut: http://www.solariz.de
*/
include("pureftp.config.php");
#################################################################
############### NO NEED FOR CHANGES BELOW HERE ##################
#################################################################
// Config einlesen
if(!file_exists($PUREFTP_CONFIG_FILE)) DIE("FATAL ERROR: Pure FTPD Config file not found.<br />;$PUREFTP_CONFIG_FILE");
$USERARRAY = array();
$raw = file($PUREFTP_CONFIG_FILE);
foreach($raw AS $zeile):
if(!ereg("^#",$zeile)): #skip comments
// Einlesen der einzelnen Zeilen als Variable
$tmp = split(" ",trim($zeile));
// UNIX Tab workaround
if(count($tmp) < 2)
$tmp = explode("\t",trim($zeile));
$var = strtoupper(trim($tmp));
for($n=1;$n<count($tmp);++$n) {
if(!empty($tmp[$n])) {
// $$var = trim($tmp[$n]);
// modified by wolfg
$$var = trim(strtolower($tmp[$n]));
break;
}#end if
}#end for
// Einlesen der Tabelle
if(empty($DB_TABLE) AND eregi("FROM\ [[:alnum:]]{1,20}\ WHERE",$zeile)):
$tmp2 = split("FROM ",$zeile);
$tmp2 = split(" WHERE",trim($tmp2));
$DB_TABLE = trim($tmp2);
unset($tmp2);
EndIF;
EndIf;
EndForEach;
if(empty($MYSQLSERVER)) $MYSQLSERVER = "localhost";
if(empty($DB_TABLE)) DIE("ERROR: Config error in pureftpd config file. No table specified.");
// UA
// if ($MYSQLCRYPT == "crypt") {$PW = TRUE;} else {$PW = FALSE;}
// modified by wolfg
if ($MYSQLCRYPT == "crypt" || $MYSQLCRYPT == "md5" || $MYSQLCRYPT == "password" || $MYSQLCRYPT == "any") {$PW = TRUE;} else {$PW = FALSE;}
// Current Version
$VERSION = "2.50";
$BUILD = "1018";
// Setein header
PAGE_HEADER();
// SQL Connection herstellen
DB_OPEN();
// FORM SUBIT AUSWERTUNG // Globals
$action = get_var("action");
$user = get_var("user");
if( $action == "edit" || $action == "add" ) {
// ADD value setter
if($action == "add"):
$USERARRAY['User'] = $DefaultUser;
// UA
//if ($PW) {$USERARRAY['Password'] = crypt($DefaultPass,$PWC); }
// else {$USERARRAY['Password'] = $DefaultPass; }
// modified by wolfg
$USERARRAY['Password'] = $DefaultPass;
$USERARRAY['Uid'] = $DefaultUid;
$USERARRAY['Gid'] = $DefaultGid;
$USERARRAY['Dir'] = $DefaultDir;
$USERARRAY['ULBandwidth'] = $DefaultUL;
$USERARRAY['DLBandwidth'] = $DefaultDL;
$USERARRAY['ipaccess'] = $Defaultip;
$USERARRAY['QuotaSize'] = $DefaultQS;
// UA
$USERARRAY['QuotaFiles'] = $DefaultQF;
$USERARRAY['comment'] = $Defaultcmt;
else:
unset($USERARRAY);
EndIf;
if(!empty($user) AND $user != "0") {
$USERARRAY=@MYSQL_FETCH_ARRAY(DB_QUERY("SELECT * FROM `$DB_TABLE` WHERE User LIKE '$user'"));
}#end if
if(!is_array($USERARRAY)) DIE("User Not found or DB error.<br />;".mysql_error());
echo '<form method=post action="'.$SELF_URL.'" onSubmit="return checkrequired(this)">;';
if(!empty($user)) echo '<input type="hidden" name="requireduser" value="'.stripslashes($USERARRAY['User']).'">;';
else echo '<input type="hidden" name="addnew" value="True">;';
echo '<input type="hidden" name="action" value="save">;';
echo '<table width="100%" class=TABLE>;';
echo '<tr>;<th>;Status</th>;<td class=TD>;<input type="radio" name="status" value="0"';
if($USERARRAY['status'] == 0) echo ' checked';
echo '>; Inactive&&&<input type="radio" name="status" value="1"';
if($USERARRAY['status'] == 1) echo ' checked';
echo '>; Active</td>;</tr>;';
if(!empty($user)) {
echo '<tr>;<th>;Delete user ?</th>;<td class=TD>;<input type="checkbox" name="delete">; Yes, i am know exactly what i am doing! (NO UNDO)</td>;</tr>;';
echo '<tr>;<th>;Username</th>;<td class=TD>;'.stripslashes($USERARRAY['User']).'</td>;</tr>;';
}
else
echo '<tr>;<th>;Username</th>;<td class=TD>;<input type="text" name="requireduser" class="input">;</td>;</tr>;';
echo '<tr>;';
echo '<th>;Password</th>;';
// UA
if ($PW) {
echo '<td class=TD>;<input type="text" name="requiredpass" value="<crypted>;" class="input">;</td>;</tr>;';
} else {
echo '<td class=TD>;<input type="text" name="requiredpass" value="'.stripslashes($USERARRAY['Password']).'" class="input">;</td>;</tr>;';
}
echo '<tr>;<th>;UID</th>;<td class=TD>;<input type="text" name="requireduid" value="'.stripslashes($USERARRAY['Uid']).'" class="input">;</td>;</tr>;';
echo '<tr>;<th>;GID</th>;<td class=TD>;<input type="text" name="requiredgid" value="'.stripslashes($USERARRAY['Gid']).'" class="input">;</td>;</tr>;';
echo '<tr>;<th>;DIR</th>;<td class=TD>;<input type="text" name="requireddir" value="'.stripslashes($USERARRAY['Dir']).'" class="input">;</td>;</tr>;';
echo '<tr>;<th>;UL Throttle kb/s</th>;<td class=TD>;<input type="text" name="requiredulthrottle" value="'.stripslashes($USERARRAY['ULBandwidth']).'" class="input">;</td>;</tr>;';
echo '<tr>;<th>;DL Throttle kb/s</th>;<td class=TD>;<input type="text" name="requireddlthrottle" value="'.stripslashes($USERARRAY['DLBandwidth']).'" class="input">;</td>;</tr>;';
echo '<tr>;<th>;IP ACCESS</th>;<td class=TD>;<input type="text" name="requiredipaccess" value="'.stripslashes($USERARRAY['ipaccess']).'" class="input">;<br />;<small>;Type in <b>;*</b>; for any IP</td>;</tr>;';
// UA
echo '<tr>;<th>;QuotaSize in MB</th>;<td class=TD>;<input type="text" name="requiredQuotaSize" value="'.stripslashes($USERARRAY['QuotaSize']).'" class="input">;<br />;<small>;Type in <b>;0</b>; for NO VirtualQuotaSize</td>;</tr>;';
// UA
echo '<tr>;<th>;QuotaFiles Anzahl</th>;<td class=TD>;<input type="text" name="requiredQuotaFiles" value="'.stripslashes($USERARRAY['QuotaFiles']).'" class="input">;<br />;<small>;Type in <b>;0</b>; for NO VirtualQuotaFiles</td>;</tr>;';
echo '<tr>;<th>;COMMENT</th>;<td class=TD>;<textarea name="comment" rows="6" cols="20" class="input">;'.stripslashes($USERARRAY['comment']).'</textarea>;</td>;</tr>;';
echo '</table>;';
echo '<center>;<input type="submit" value="Save" class="button" width="100%">;</center>;</form>;';
}#end edit
elseif($action == "save") {
$addnew = addslashes( get_var("addnew") );
$User = addslashes(get_var("requireduser"));
// UA - MG Optimized ;)
$Password = addslashes(get_var("requiredpass"));
IF($Password == '<crypted>;') $Password = '';
// modified by wolfg
//ELSEif($PW) $Password = crypt($Password, $PWC);
$Uid = addslashes(get_var("requireduid"));
$Gid = addslashes(get_var("requiredgid"));
$Dir = addslashes(get_var("requireddir"));
$ULThrottle = addslashes(get_var("requiredulthrottle"));
$DLThrottle = addslashes(get_var("requireddlthrottle"));
$QuotaSize = addslashes(get_var("requiredQuotaSize"));
// UA
$QuotaFiles = addslashes(get_var("requiredQuotaFiles"));
$comment = addslashes(get_var("comment"));
$status = addslashes(get_var("status"));
$delete = addslashes(get_var("delete"));
$ipaccess = addslashes(get_var("requiredipaccess"));
if(empty($User) || empty($Uid) || empty($Gid) || empty($Dir)) DIE("Invalid or missing data entered...");
if(empty($delete)) {
// Mini workarounds
//modified by wolfg
//if($Password) $PW_QUERY = ",Password='$Password'";
/* modification start here */
if($Password) {
if ($PW) {
if ($MYSQLCRYPT == "crypt") {
$PW_QUERY = ",Password=encrypt('$Password', '$PWC')";
}
elseif ($MYSQLCRYPT == "password") {
$PW_QUERY = ",Password=password('$Password')";
}
else {
$PW_QUERY = ",Password=md5('$Password')";
}
}
else {
$PW_QUERY = ",Password='$Password'"
}
}
/* modification end here */
if(!$status) $status = (string) '0';
if(!$ULBandwidth) $ULBandwidth = (string) '0';
if(!$DLBandwidth) $DLBandwidth = (string) '0';
if(!$QuotaSize) $QuotaSize = (string) '0';
if(!$QuotaFiles) $QuotaFiles = (string) '0';
if($addnew == False) {
$SQL = "UPDATE `$DB_TABLE` SET status='$status'".$PW_QUERY.",Uid='$Uid',Gid='$Gid',Dir='$Dir',ULBandwidth='$ULThrottle',DLBandwidth='$DLThrottle',comment='$comment',ipaccess='$ipaccess',QuotaSize='$QuotaSize',QuotaFiles='$QuotaFiles' WHERE User LIKE '$User' LIMIT 1";
$Q = DB_QUERY($SQL);
if($Q) echo "<SCRIPT LANGUAGE=\"JavaScript\">;\n<!--\nalert(\"User updated.\");\n//-->;\n</SCRIPT>;\n";
}#end if
else{
$Q = DB_QUERY("INSERT INTO `$DB_TABLE` SET User='$User',status='$status'".$PW_QUERY.",Uid='$Uid',Gid='$Gid',Dir='$Dir',ULBandwidth='$ULThrottle',DLBandwidth='$DLThrottle',comment='$comment',ipaccess='$ipaccess',QuotaSize='$QuotaSize',QuotaFiles='$QuotaFiles'");
if($Q) echo "<SCRIPT LANGUAGE=\"JavaScript\">;\n<!--\nalert(\"User added.\");\n//-->;\n</SCRIPT>;\n";
}#end if
}#end if
elseif($User && !empty($delete)){#DELETE
$Q = DB_QUERY("DELETE FROM `$DB_TABLE` WHERE User LIKE '$User' LIMIT 1");
if($Q) echo "<SCRIPT LANGUAGE=\"JavaScript\">;\n<!--\nalert(\"User deleted.\");\n//-->;\n</SCRIPT>;\n";
}#end if
echo "<SCRIPT LANGUAGE=\"JavaScript\">;\n<!--\nopener.location.reload();close();\n//-->;\n</SCRIPT>;\n";
}#end else (save)
######
elseif($action == "ftpwho") {
echo '<table border="4">;';
exec($FTP_WHO." -s", $ftpresult );
$arraySize = sizeof($ftpresult);
$x = 0;
echo '<table width="100%" class=TABLE>;';
echo '<th class=THsmall>;PID</td>;';
echo '<th class=THsmall>;user</td>;';
echo '<th class=THsmall>;min\'s</td>;';
echo '<th class=THsmall>;state</td>;';
echo '<th class=THsmall>;file</td>;';
echo '<th class=THsmall>;IP</td>;';
echo '<th class=THsmall>;current</td>;';
echo '<th class=THsmall>;total</td>;';
echo '<th class=THsmall>;%</td>;';
echo '<th class=THsmall>;bw.</td>;';
while($x < $arraySize):
$ftpwho = $ftpresult[$x];
list($pid, $user, $mins, $state, $file, $host, $port,$h, $current, $total, $percent, $bandwidth ) = explode("|", $ftpwho );
$mins = round($mins / 60);
if (empty($file) or !isset($file)) {
( $file = "---" );
++$ftp_activity;
}
else {
if(strlen($file) >; 10)
$file_short = substr($file,0,10);
$file = "<a href=\"#\" onClick=\"javascript:alert('$file');\">;$file_short...</a>;";
}#end else
$host = gethostbyname($host);
echo '<tr>;';
echo '<td class=TDsmall>;' .$pid. '</td>;';
echo '<td class=TDsmall>;' .$user. '</td>;';
echo '<td class=TDsmall>;' .$mins. '</td>;';
echo '<td class=TDsmall>;' .$state. '</td>;';
echo '<td class=TDsmall>;' .$file. '</td>;';
echo '<td class=TDsmall>;' .$host. '</td>;';
echo '<td class=TDsmall>;' .$current. '</td>;';
echo '<td class=TDsmall>;' .$total. '</td>;';
echo '<td class=TDsmall>;' .$percent. '</td>;';
echo '<td class=TDsmall>;' .$bandwidth. ' kb/s</td>;';
echo '</tr>;';
$x++;
EndWhile;
echo '</table>;';
if(!$ftp_activity) echo 'No users currenty using the FTP.<br>;';
echo '<p>;<center>;<input type=button value=" Close " onclick=self.close()>;';
echo '<input type=button value=" Refresh " onClick=" JavaScript : window.location.reload()">;</center>;';
}#end else (ftpwho)
######
elseif($action == "info") {
?>;
<font color=gray face="Verdana,Arial">;
<b>;sOLARiZ PureFTPd Manager</b>;<br>;
Version <?=$VERSION?>; Build <?=$BUILD?>;<br>;<br>;
About
<ul class="small_font">;
The first version of this Script was developed roughly at the end of 2001 in need of a simplyfied remote FTP administration. Since this many user submited changes / updates were integrated. If you got special wishes please let me know via mail.<br>;
One thing to note; I don't take any guarantee either I'm not liable for possible caused damage. This script is free no need to pay for it. But if you like it im be glad for a donation. Everything is welcome e.g. a PayPAL donation:<br>;
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">;
<input type="hidden" name="cmd" value="_xclick">;
<input type="hidden" name="business" value="paypal@solariz.de">;
<input type="hidden" name="item_name" value="PureFTPd Manager Donation">;
<input type="hidden" name="no_note" value="1">;
<input type="hidden" name="currency_code" value="EUR">;
<input type="hidden" name="tax" value="0">;
<input type="image" src="http://www.solariz.de/x-click-but04.gif" border="0" name="submit" alt="Zahlen Sie mit PayPal - schnell, kostenlos und sicher!">;
</form>;
<br>;
For Information or other stuff regarding pureFTPd Manager or other scripts please visit <a href="http://www.solariz.de" target=_blank>;www.solariz.de</a>;
</ul>;
ChangeLog
<ul class="small_font">;
<?
$raw = file("history.txt");
foreach($raw AS $hline):
echo stripslashes($hline)."<br>;\n";
EndForEach;
?>;
</ul>;
<?
}
ELSE {
// User auslesen und in Table darstellen
$viewpw = get_var("viewpw");
$Q=DB_QUERY("SELECT * FROM `$DB_TABLE` ORDER BY User");
echo '<table width="100%" class=TABLE>;';
echo '<tr>;<th>;LOGIN</th>;';
if($viewpw) echo '<th>;PASSWORD</th>;';
// UA
echo '<th>;UID</th>;<th>;GID</th>;<th>;DIR</th>;<th>;UL/ks</th>;<th>;DL/ks</th>;<th>;Quota Size</th>;<th>;Quota Files</th>;<th>;IP Access</th>;<th>;Status</th>;<th>;&</th>;</tr>;';
WHILE($R=MYSQL_FETCH_ARRAY($Q)) {
echo '<tr>;';
echo '<td class=TD>;'.$R['User'].'</td>;';
if($viewpw) echo '<td class=TDPW>;'.$R['Password'].'</td>;';
echo '<td class=TD>;'.$R['Uid'].'</td>;';
echo '<td class=TD>;'.$R['Gid'].'</td>;';
echo '<td class=TD>;'.$R['Dir'].'</td>;';
if($R['ULBandwidth']) echo '<td class=TD>;'.$R['ULBandwidth'].'</td>;';
ELSE echo '<td class=TD>;-</td>;';
if($R['DLBandwidth']) echo '<td class=TD>;'.$R['DLBandwidth'].'</td>;';
ELSE echo '<td class=TD>;-</td>;';
if($R['QuotaSize']) echo '<td class=TD>;'.$R['QuotaSize'].' MB</td>;';
ELSE echo '<td class=TD>;-</td>;';
// UA
if($R['QuotaFiles']) echo '<td class=TD>;'.$R['QuotaFiles'].'</td>;';
ELSE echo '<td class=TD>;-</td>;';
echo '<td class=TD>;'.$R['ipaccess'].'</td>;';
if($R['status'] == '0') echo '<td class="inactive">;inactive</td>;';
elseif($R['status'] == '1') echo '<td class="active">;active</td>;';
echo "<td width=30 class=TD>;<img src=\"gfx/ed.gif\" onClick=\"javascript:fenster('$SELF_URL?action=edit&user=".$R['User']."')\">;</td>;";
echo "</tr>;\n";
}#end while
echo '</table>;';
?>;
<table width="100%" class=TABLE2>;
<tr>;
<td align=left>;
<font color=gray>;
PureFTP User Management.<br />;
v<?=$VERSION?>; written by sOLARiZ <br />;
[<a href="javascript:fenster('<?=$SELF_URL?>;?action=info')">;<font color=#BA031B size=1>;Information</font>;</a>;]<br />;
</td>;
<td>;&</td>;
<td align=right valign=top>;
<?
// Nav Button stuff
echo "<table cellspacing=0 cellpadding=0>;<tr>;";
// Add User Button
ECHO "<td>;<input type=\"image\" src=\"gfx/addusr.gif\" class=button onClick=\"javascript:fenster('$SELF_URL?action=add')\">;</td>;";
// View Password Button
echo '<form method=post action="'.$PHP_SELF.'">;';
if($viewpw) echo '<input type="hidden" value=0 name="viewpw">;';
ELSE echo '<input type="hidden" value=1 name="viewpw">;';
ECHO '<td>;<input type="image" src="gfx/passwd.gif" value="View Passwords" alt="Toggle Passworddisplay"';
if(!$viewpw) echo ' class=button';
ECHO '>;</td>;';
echo '</form>;';
// Status Button
ECHO "<td>;<input type=\"image\" src=\"gfx/status.gif\" class=button onClick=\"javascript:fenster('$SELF_URL?action=ftpwho')\">;</td>;";
// Update Button
ECHO "<td>;<input type=\"image\" src=\"gfx/updates.gif\" class=button onClick=\"javascript:fenster('http://www.solariz.de/updates/pureftpdm.php?ver=$VERSION&ab=$BUILD')\">;</td>;";
echo "</tr>;</table>;";
########
echo '</td>;</tr>;</table>;';
}#end else
// SQL Verbindung schliessen
DB_CLOSE();
// Seite abschliessen
PAGE_FOOTER();
// EOC <--*
// Funktionen
function PAGE_HEADER() {
GLOBAL $VERSION, $BUILD;
include("inc/top.php");
}#end func
function PAGE_FOOTER() {
include("inc/bottom.php");
}#end func
function DB_OPEN() {
GLOBAL $MYSQLSERVER,$MYSQLUSER,$MYSQLPASSWORD,$MYSQLDATABASE,$MYSQLCON;
$MYSQLCON = @mysql_connect($MYSQLSERVER,$MYSQLUSER,$MYSQLPASSWORD);
if(!$MYSQLCON OR @mysql_error()) DIE("Can't establish DB connection.<br />;".mysql_error());
if(!@mysql_select_Db($MYSQLDATABASE)) DIE("Can't establish DB connection.<br />;".mysql_error());
}#end func
function DB_CLOSE() {
GLOBAL $MYSQLCON;
RETURN @mysql_close($MYSQLCON);
}#end func
function DB_QUERY($sql) {
GLOBAL $MYSQLCON,$MYSQLDATABASE;
$Q = @MySql_DB_query($MYSQLDATABASE,$sql,$MYSQLCON);
if(@mysql_error()) DIE("<b>;MySQL Error during Query !</b>;<br />;<br />;[$sql]<br />;".mysql_error());
return $Q;
}#end func
function get_var($var){
GLOBAL $$var;
GLOBAL $_POST,$_GET,$HTTP_POST_VAR,$HTTP_GET_VAR;
$inhalt = $$var;
# This function checks if the _GET or _POST var is set or if an old PHP version used
if($_POST[$var]) RETURN $_POST[$var];
elseif($HTTP_POST_VAR[$var]) RETURN $HTTP_POST_VAR[$var];
elseif($_GET[$var]) RETURN $_GET[$var];
elseif($HTTP_GET_VAR[$var]) RETURN $HTTP_GET_VAR[$var];
elseif($inhalt) RETURN $inhalt;
}#end func
?>;
《解決方案》
pureftpd_php_manager修改,支持md5
老大,換你的文件以後web界面下開設用戶什麼的根本訪問不到啊
《解決方案》
pureftpd_php_manager修改,支持md5
請寫出錯誤信息
《解決方案》
pureftpd_php_manager修改,支持md5
你改的這個沒看太懂。
其實如果簡單點,比如只用md5(只用crypt,那就不用改了)只需改這幾句:
1.if ($MYSQLCRYPT == "crypt") {$PW = TRUE;} else {$PW = FALSE;}將crypt改為md5
2.if ($PW) {$USERARRAY['Password'] = crypt($DefaultPass,$PWC); }將crypt($DefaultPass,$PWC)改為md5($DefaultPass)
3.$Password = crypt($Password, $PWC);和上面一樣
這裡要說明一下:crypt加密可以有個2位參數,也可以沒有。有和沒有的輸出結果是不一樣的。
crypt(.......),也可以crypt(.......,xx),加密出來的東西不一樣。比如用戶名u1密碼11,crypt('11'),密碼加密后』1A0i909cjY3xw『。用戶名u2密碼11,crypt('11','55'),密碼加密后『55w./BQ/BAcRs『,注意到前面的2個55了嗎?這不就是那個2位參數嘛!
分別用以上方法對密碼加密后,你登錄ftp不會有問題。因為系統會自動判斷密碼是用哪種方式加密(有2位參數的crypt有明顯特點)。也就是說,儘管加密方式略有不同,實際上crypt還是一回事,你輸入11能正常的登錄u1和u2這兩個用戶。
(這裡的2位參數$PWC是在index.php里定義的55)
md5沒有這個2位參數,$PWC也就沒有存在的必要了。所以要改為md5($DefaultPass)
crypt是unix的函數,在mysql操作里名字變成了encrypt。
此外,crypt會出現密碼少輸入1位(原本9位),也能登錄的情況,看來不行啊,還是用md5吧。
不知道chinaunix是不是也是用的crypt加密用戶密碼?
如果讓phpmanager支持多個加密方式,也許用switch case語句可以實現吧。
《解決方案》
pureftpd_php_manager修改,支持md5
還有,這個腳本是在unix下加密,再存到mysql里的。而unix沒有password這個函數吧,它只存在於mysql里。
不明白pureftpd用mysql是怎麼驗證密碼的?
是在unix下加密,然後和mysql里的對?(這應該不大可能,以password為例);還是直接拿到mysql里去加密,比對?
還是說,pureftpd集成了mysql的password函數?
《解決方案》
pureftpd_php_manager修改,支持md5
原帖由 "ataman" 發表:
還有,這個腳本是在unix下加密,再存到mysql里的。而unix沒有password這個函數吧,它只存在於mysql里。
不明白pureftpd用mysql是怎麼驗證密碼的?
是在unix下加密,然後和mysql里的對?(這應該不大可能,以passwo..........
我改的是在sql語句里用mysql的加密函數加密密碼。
看這裡
if($Password) {
if ($PW) {
if ($MYSQLCRYPT == "crypt") {
$PW_QUERY = ",Password=encrypt('$Password', '$PWC')";
}
elseif ($MYSQLCRYPT == "password") {
$PW_QUERY = ",Password=password('$Password')";
}
else {
$PW_QUERY = ",Password=md5('$Password')";
}
}
else {
$PW_QUERY = ",Password='$Password'"
}
}
《解決方案》
pureftpd_php_manager修改,支持md5
if ($PW) {$USERARRAY['Password'] = crypt($DefaultPass,$PWC); }
else {$USERARRAY['Password'] = $DefaultPass; }
$USERARRAY['Password'] = $DefaultPass;
我迷糊,原文里的這第一句不是被第三句覆蓋了嗎?
《解決方案》
pureftpd_php_manager修改,支持md5
這幾句與加密和存儲密碼到資料庫無關
《解決方案》
pureftpd_php_manager修改,支持md5
第一句就是用crypt加密。第2/3句是明碼。
$pw為1用crypt,0用明碼。
這3句還要聯繫上下文才能看明白。為什麼要有第3句?我不明白。
原來覺的學過點編程,現在看,連簡單的語句都不懂。
這三句都在上文的這句話后出現
if (xxx): ........
這樣的語句從沒見過...