User's password encryption
4 posts by 2 authors in: Forums > CMS Builder
Last Post: July 12, 2013 (RSS)
By incube - July 9, 2013
Is it normal that the admin password is not encrypted in the cms_account BD'S but the other one created after the installation are all encrypted with sha1 ???
By gregThomas - July 9, 2013
Hi incube,
Thanks for bringing this to our attention. We will ensure that in the next release of CMS Builder the admin password is automatically encrypted as the CMS is installed.
For now there are several ways to encrypt the admins password after an install of CMS Builder:
- A user enters an invalid password while logging into the CMS.
- The user clicks "Save" on the "My Account" menu.
- An admin saves or updates their account record.
- Website Membership Plugin: A user entered an invalid password into the login form.
Let me know if you have any questions.
Cheers
Greg
PHP Programmer - interactivetools.com
By incube - July 9, 2013
In fact, I've tried to implement a section with passwords protection which is using CMS accounts... I've came to the problem I wasn't able to connect correctly since there is one user without any protection and other ones have an encryption.
I did something else to make it possible.
But I'll know for the next time.
By gregThomas - July 12, 2013
Here is a quick update on the bug.
We've integrated a patch into our latest build of CMS Builder, so the next release will contain the fix. If you would like to patch the bug on your own version of CMS Builder, you can do so by opening cmsAdmin/lib/admin_functions.php, then update line 242 to this:
username = '".mysql_escape( $_REQUEST['adminUsername'] )."', password = '".$passwordTextOrHash."',
The original line looks like this:
username = '".mysql_escape( $_REQUEST['adminUsername'] )."', password = '".mysql_escape($_REQUEST['adminPassword2'])."',
This will ensure that the encrypted password is saved to the database if encryption is being used when the CMS is being installed.
Let me know if you have any questions.
Thanks!
Greg
PHP Programmer - interactivetools.com